73 matches found
CVE-2022-32221
When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...
CVE-2022-32221
CVE-2022-32221 concerns curl/libcurl where the read callback (CURLOPT_READFUNCTION) may be used for POST data even after a PUT if the same handle was used for a PUT with that callback. This can cause sending the wrong data or memory errors on a subsequent POST. Connected advisories note this affe...
OESA-2022-2041 curl security update
CURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to th...
OESA-2022-2039 curl security update
CURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback...
OESA-2022-2040 curl security update
CURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback...
MGASA-2022-0405 Updated curl packages fix security vulnerability
When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. CVE-2022-32221...
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current curl Multiple Vulnerabilities (SSA:2022-299-01)
The version of curl installed on the remote host is prior to 7.86.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-299-01 advisory. - curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up...
SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2022:3773-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3773-1 advisory. - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to...
POST following PUT confusion
When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...
UBUNTU-CVE-2022-32221
When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...
PT-2022-5975
Name of the Vulnerable Software and Affected Versions: libcurl versions prior to 7.86.0. Description: When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle...
memory contents disclosure in cli_feat_read_cb
...
CVE-2021-3588
The cli_feat_read_cb function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading...