A vulnerability was found in curl. This issue occurs because it mishandles message verification failures when curl does FTP transfers secured by krb5. This flaw makes it possible for a Man-in-the-middle attack to go unnoticed and allows data injection into the client.

References

bugzilla.redhat.com/show_bug.cgi?id=2099306

curl.se/docs/CVE-2022-32208.html

nvd.nist.gov/vuln/detail/CVE-2022-32208

www.cve.org/CVERecord?id=CVE-2022-32208

cve 1

debiancve 1

osv 9

veracode 1

hackerone 2

cbl_mariner 2

nessus 39

openvas 28

ibm 18

alpinelinux 1

ubuntucve 1

prion 1

rocky 2

suse 3

redhat 25

almalinux 2

ubuntu 2

oraclelinux 2

photon 6

freebsd 1

fedora 2

mageia 1

slackware 1

cloudfoundry 1

amazon 2

rosalinux 1

ics 4

debian 2

gentoo 1

apple 1

tenable 1

oracle 1

cve

CVE-2022-32208

2022-07-07 13:15:00

debiancve

CVE-2022-32208

2022-07-07 13:15:00

osv

CVE-2022-32208

2022-07-07 13:15:08

Moderate: curl security update

2022-08-24 15:12:40

curl vulnerabilities

2022-07-01 02:04:04

veracode

Man-in-the-Middle (MitM)

2022-06-29 00:04:59

hackerone

Internet Bug Bounty: CVE-2022-32208: FTP-KRB bad message verification

2022-06-27 07:11:13

curl: CVE-2022-32208: FTP-KRB bad message verification

2022-06-02 20:12:35

cbl_mariner

CVE-2022-32208 affecting package curl 7.83.1-1

2022-08-03 21:15:00

CVE-2022-32208 affecting package curl 7.76.0-9

2022-08-24 22:05:05

nessus

CBL Mariner 2.0 Security Update: curl (CVE-2022-32208)

2023-03-20 00:00:00

Siemens SCALANCE XCM332 Out-of-Bounds Write (CVE-2022-32208)

2023-05-02 00:00:00

SUSE SLES12 Security Update : curl (SUSE-SU-2022:2356-1)

2022-07-12 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2022:2356-1)

2022-07-12 00:00:00

openSUSE: Security Advisory for curl (SUSE-SU-2022:2327-2)

2024-03-04 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:2327-1)

2022-07-08 00:00:00

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a man-in-the-middle attack in cURL libcurl (CVE-2022-32208)

2023-03-31 16:58:32

Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-32206, CVE-2022-32208)

2022-10-07 18:12:33

Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module uses libcurl with multiple known vulnerabilities (CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208)

2022-10-06 04:10:57

alpinelinux

CVE-2022-32208

2022-07-07 13:15:00

ubuntucve

CVE-2022-32208

2022-06-27 00:00:00

prion

Code injection

2022-07-07 13:15:00

rocky

curl security update

2022-08-24 15:12:40

curl security update

2022-08-24 14:56:48

suse

Security update for curl (important)

2022-07-07 00:00:00

Security update for curl (important)

2022-09-01 00:00:00

Security update for curl (important)

2022-07-06 00:00:00

redhat

(RHSA-2022:6159) Moderate: curl security update

2022-08-24 15:12:40

(RHSA-2022:6157) Moderate: curl security update

2022-08-24 14:56:48

(RHSA-2022:6287) Moderate: OpenShift Container Platform 4.11.3 packages and security update

2022-09-07 20:37:32

almalinux

Moderate: curl security update

2022-08-24 00:00:00

Moderate: curl security update

2022-08-24 00:00:00

ubuntu

curl vulnerabilities

2022-07-01 00:00:00

curl vulnerabilities

2022-06-27 00:00:00

oraclelinux

curl security update

2022-08-24 00:00:00

curl security update

2022-08-25 00:00:00

photon

Moderate Photon OS Security Update - PHSA-2022-0412

2022-06-30 00:00:00

Moderate Photon OS Security Update - PHSA-2022-0491

2022-06-30 00:00:00

Critical Photon OS Security Update - PHSA-2022-3.0-0412

2022-06-30 00:00:00

freebsd

cURL -- Multiple vulnerabilities

2022-06-27 00:00:00

fedora

[SECURITY] Fedora 35 Update: curl-7.79.1-5.fc35

2022-07-15 01:36:25

[SECURITY] Fedora 36 Update: curl-7.82.0-6.fc36

2022-07-01 01:09:59

mageia

Updated curl packages fix security vulnerability

2022-07-05 22:11:26

slackware

[slackware-security] curl

2022-06-28 19:27:52

cloudfoundry

USN-5495-1: curl vulnerabilities | Cloud Foundry

2022-12-07 00:00:00

amazon

Medium: curl

2022-10-31 19:40:00

Medium: curl

2022-12-01 17:33:00

rosalinux

Advisory ROSA-SA-2023-2220

2023-08-22 13:18:19

ics

Siemens SCALANCE XCM332

2023-04-13 12:00:00

Siemens SINAMICS Medium Voltage Products

2023-06-15 12:00:00

Siemens SCALANCE, RUGGEDCOM Third-Party

2023-03-16 12:00:00

debian

[SECURITY] [DLA 3085-1] curl security update

2022-08-28 23:00:51

[SECURITY] [DSA 5197-1] curl security update

2022-08-01 16:58:44

gentoo

curl: Multiple Vulnerabilities

2022-12-19 00:00:00

apple

About the security content of macOS Ventura 13

2022-10-24 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

oracle

Oracle Critical Patch Update Advisory - October 2022

2022-10-18 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.1%

JSON

Related for RH:CVE-2022-32208