SUSE CVE-2022-27776

🗓️ 15 Feb 2023 03:26:46Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 3 Views

SUSE CVE-2022-27776 fixes curl leaks auth or cookie data on redirects to the same host with port.

Reporter	Title	Published	Views	Family All 247
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC	23 Sep 202222:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to data information exposure in cURL libcurl (CVE-2022-27776)	12 Jan 202321:59	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-27782, CVE-2022-27774, CVE-2021-22947, CVE-2022-22576, CVE-2022-27776, CVE-2021-22946)	17 Sep 202202:05	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Protect Plus (CVE-2021-22946, CVE-2022-27782, CVE-2022-27774, CVE-2022-22576, CVE-2021-22947, CVE-2022-27776)	17 Sep 202212:04	–	ibm
IBM Security Bulletins	Security Bulletin: Execution Engine for Apache Hadoop is vulnerable to heap-based buffer overflow and remote attacker to bypass security restrictions	20 Feb 202503:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar WinCollect is vulnerable to using components with known vulnerabilities	17 Jun 202218:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty	9 Aug 202205:46	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps	26 Mar 202502:21	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.	15 Dec 202209:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module use libcurl with multiple known vulnerabilities	6 Oct 202204:10	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
SUSE Linux Enterprise Server	12.3	any	curl	7.37.0-37.73.1	curl-7.37.0-37.73.1.noarch.rpm
SUSE Linux Enterprise Server	11.3	any	curl	7.37.0-70.77.1	curl-7.37.0-70.77.1.noarch.rpm
SUSE Linux Enterprise Server	12.5	any	curl	7.60.0-11.37.1	curl-7.60.0-11.37.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	12.5	any	curl	7.60.0-11.37.1	curl-7.60.0-11.37.1.noarch.rpm
OpenSUSE Leap	15.3	any	curl	7.66.0-150200.4.30.1	curl-7.66.0-150200.4.30.1.noarch.rpm
SUSE Linux Micro	5.1	any	curl	7.66.0-150200.4.30.1	curl-7.66.0-150200.4.30.1.noarch.rpm
SUSE Linux Micro	5.2	any	curl	7.66.0-150200.4.30.1	curl-7.66.0-150200.4.30.1.noarch.rpm
SUSE Linux Enterprise Desktop	15.3	any	curl	7.66.0-150200.4.30.1	curl-7.66.0-150200.4.30.1.noarch.rpm
SUSE Linux Enterprise Server	15.3	any	curl	7.66.0-150200.4.30.1	curl-7.66.0-150200.4.30.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.3	any	curl	7.66.0-150200.4.30.1	curl-7.66.0-150200.4.30.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2022-27776
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1198766
lists	www.lists.suse.com/pipermail/sle-security-updates/2022-May/011003.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2022-May/011004.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2022-May/011005.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2022-May/011006.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2022-May/011008.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2022-May/011009.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2022-May/011010.html

24 May 2026 01:16Current

7.6High risk

Vulners AI Score7.6

CVSS 3.14.3

EPSS0.03425

suse vulnerability curl vulnerability auth data leak cookie data leak http redirects