AVG-2685
| Package | curl |
|---|---|
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 7.82.0-3 |
| Fixed | 7.83.0-1 |
| Current | 8.17.0-1 [core] |
| Ticket | None |
| Created | Wed Apr 27 16:21:22 2022 |

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2022-27776 | Low | No | Insufficient validation | curl might leak authentication or cookie header data on HTTP redirects to the same host but another port number. |
| CVE-2022-27775 | Low | No | Information disclosure | Flaws in libcurl's connection pool could lead to exposure of sensitive information to an unauthorized actor. |
| CVE-2022-27774 | Medium | No | Information disclosure | curl leaks credentials to other servers when it follows redirects from auth protected HTTP(S) URLs to other protocols and port numbers. It could also leak... |
| CVE-2022-22576 | Medium | Yes | Authentication bypass | libcurl might reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for... |

| References |
|---|
| https://curl.se/docs/CVE-2022-22576.html |
| https://curl.se/docs/CVE-2022-27774.html |
| https://curl.se/docs/CVE-2022-27775.html |
| https://curl.se/docs/CVE-2022-27776.html |