CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
56.2%
libcurl provides the CURLOPT_CERTINFO
option to allow applications
torequest details to be returned about a serverโs certificate chain.Due to
an erroneous function, a malicious server could make libcurl built withNSS
get stuck in a never-ending busy-loop when trying to retrieve
thatinformation.
Due to an erroneous function, a malicious server could make libcurl built
with NSS get stuck in a never-ending busy-loop when trying to retrieve that
information.]
Author | Note |
---|---|
alexmurray | Affects curl versions 7.34.0 up to and include 7.83.0 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | curl | <ย 7.58.0-2ubuntu3.18 | UNKNOWN |
ubuntu | 20.04 | noarch | curl | <ย 7.68.0-1ubuntu2.11 | UNKNOWN |
ubuntu | 21.10 | noarch | curl | <ย 7.74.0-1.3ubuntu2.2 | UNKNOWN |
ubuntu | 22.04 | noarch | curl | <ย 7.81.0-1ubuntu1.2 | UNKNOWN |
ubuntu | 14.04 | noarch | curl | <ย 7.35.0-1ubuntu2.20+esm11 | UNKNOWN |
ubuntu | 16.04 | noarch | curl | <ย 7.47.0-1ubuntu2.19+esm4 | UNKNOWN |
curl.se/docs/CVE-2022-27781.html
github.com/curl/curl/commit/f6c335d63f
launchpad.net/bugs/cve/CVE-2022-27781
nvd.nist.gov/vuln/detail/CVE-2022-27781
security-tracker.debian.org/tracker/CVE-2022-27781
ubuntu.com/security/notices/USN-5412-1
ubuntu.com/security/notices/USN-5499-1
www.cve.org/CVERecord?id=CVE-2022-27781
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
56.2%