SUSE-SU-2022:4598-1 Security update for curl
This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free bsc1206309...
SUSE-SU-2022:4597-1 Security update for curl
This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free bsc1206309. - CVE-2022-43551: Fixed HSTS bypass via IDN bsc1206308...
HTTP Proxy deny use after free
curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struc...
CVE-2022-43552
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocat...
FreeBSD : curl -- multiple vulnerabilities (0f99a30c-7b4b-11ed-9168-080027f5fec9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0f99a30c-7b4b-11ed-9168-080027f5fec9 advisory. - When doing HTTPS transfers, libcurl might erroneously use the read callback...
Amazon Linux 2022 : curl (ALAS2022-2022-246)
The version of curl installed on the remote host is prior to 7.86.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-246 advisory. - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send,...
Amazon Linux 2 : curl (ALAS-2022-1882)
The version of curl installed on the remote host is prior to 7.79.1-7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1882 advisory. A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read...
Medium: curl
Issue Overview: A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set if it previously used the same handle to issue a PUT...
curl: CVE-2022-43552: HTTP Proxy deny use-after-free
Issues reported by Trail of Bits. This is either one or two issues. Summary: ./src/curl 0 -x0:80 telnet:/j-uj-u//0 -m 01 ./src/curl 0 -x0:80 smb:/j-uj-u//0 -m 01 Both command lines end up having libcurl access and use already freed heap-memory. For read and write. Steps To Reproduce: See above, r...
PT-2022-7575 · Curl +11
Name of the Vulnerable Software and Affected Versions: curl versions prior to 7.87.0 Description: A use after free vulnerability exists in curl. The issue arises when curl is asked to tunnel virtually all protocols it supports through an HTTP proxy, and the proxy denies such tunnel operations for...
CVE-2022-42915
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...
Double free
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...
CVE-2022-42915
CVE-2022-42915 affects curl. A double-free can occur in curl 7.77.0 and later when using an HTTP proxy for non-HTTP(S) URLs, if the proxy returns a non-200 status and the URL uses schemes such as dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The error/cleanup path may trigger the me...
Double Free
Curl is vulnerable to double free. The vulnerability is due to the use of HTTP proxy for a transfer with a non-HTTPS URL which allows an attacker to trigger a double free...
[slackware-security] curl
New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-7.86.0-i586-1slack15.0.txz: Upgraded. This update fixes security issues: HSTS bypass via IDN. HTTP proxy...