Lucene search

K
redosRedosROS-20220516-09
HistoryMay 16, 2022 - 12:00 a.m.

ROS-20220516-09

2022-05-1600:00:00
redos.red-soft.ru
42
curl
oauth2
connection reuse
authentication process
mismanagement
leaking data
vulnerability
exploitation
remote attack
smptp
imap
pop3
ldap
redirect
port number
protocol
ipv6
cookie
http redirection

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.003

Percentile

68.9%

Vulnerability in the cURL command line utility is related to OAUTH2 connection reuse errors
for SASL-enabled protocols such as SMPTP(S), IMAP(S), POP3(S), and LDAP(S) (openldap only).
Exploitation of the vulnerability could allow an attacker acting remotely to reuse the
OAUTH2 authenticated connections without properly verifying that the connection has been
authenticated with the same credentials set for that transmission

The cURL command-line utility vulnerability is related to application attempts to perform redirects during the
during the authentication process, and does not treat different port numbers or protocols as separate targets for
authentication. Exploitation of the vulnerability could allow an attacker acting remotely to perform a
redirect to a different protocol port number, and thus cause cURL to allow such a
redirection and pass the credentials

A vulnerability in the cURL command line utility is related to mismanagement of internal resources when working with the IPv6 protocol.
IPv6 protocol. Exploitation of the vulnerability could allow an attacker acting remotely,
cause an improper connection where one transmission uses a zone identifier and a subsequent transmission uses a different (or no) zone identifier.
transmission uses a different (or no) zone identifier

The cURL command-line utility vulnerability involves leaking authentication data or cookie headers during HTTP redirection.
cookie during HTTP redirection to the same host but with a different port number. Exploitation of the vulnerability
could allow an attacker acting remotely to mistakenly send the same set of headers to hosts
that are identical to the first but use a different port number or URL scheme

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64curl< 7.81.0-2UNKNOWN

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.003

Percentile

68.9%