Lucene search

K
ubuntuUbuntuUSN-5495-1
HistoryJun 27, 2022 - 12:00 a.m.

curl vulnerabilities

2022-06-2700:00:00
ubuntu.com
76
curl
ubuntu
vulnerabilities
denial of service
cookies
http compression
file permissions
sensitive information
ftp-krb
machine-in-the-middle attack

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

Low

EPSS

0.003

Percentile

69.7%

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 21.10
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM

Packages

  • curl - HTTP, HTTPS, and FTP client and client libraries

Details

Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)

Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)

Harry Sintonen incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)

Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages.
An attacker could possibly use this to perform a machine-in-the-middle attack.
(CVE-2022-32208)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchlibcurl3-gnutls<Β 7.81.0-1ubuntu1.3UNKNOWN
Ubuntu22.04noarchcurl<Β 7.81.0-1ubuntu1.3UNKNOWN
Ubuntu22.04noarchcurl-dbgsym<Β 7.81.0-1ubuntu1.3UNKNOWN
Ubuntu22.04noarchlibcurl3-gnutls-dbgsym<Β 7.81.0-1ubuntu1.3UNKNOWN
Ubuntu22.04noarchlibcurl3-nss<Β 7.81.0-1ubuntu1.3UNKNOWN
Ubuntu22.04noarchlibcurl3-nss-dbgsym<Β 7.81.0-1ubuntu1.3UNKNOWN
Ubuntu22.04noarchlibcurl4<Β 7.81.0-1ubuntu1.3UNKNOWN
Ubuntu22.04noarchlibcurl4-dbgsym<Β 7.81.0-1ubuntu1.3UNKNOWN
Ubuntu22.04noarchlibcurl4-doc<Β 7.81.0-1ubuntu1.3UNKNOWN
Ubuntu22.04noarchlibcurl4-gnutls-dev<Β 7.81.0-1ubuntu1.3UNKNOWN
Rows per page:
1-10 of 481

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

Low

EPSS

0.003

Percentile

69.7%