AVG-2685

Package curl
Status Fixed
Severity Medium
Type multiple issues
Affected 7.82.0-3
Fixed 7.83.0-1
Current 8.7.1-5 [core]
Ticket None
Created Wed Apr 27 16:21:22 2022
Issue Severity Remote Type Description
CVE-2022-27776 Low No Insufficient validation
curl might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
CVE-2022-27775 Low No Information disclosure
Flaws in libcurl's connection pool could lead to exposure of sensitive information to an unauthorized actor.
CVE-2022-27774 Medium No Information disclosure
curl leaks credentials to other servers when it follows redirects from auth protected HTTP(S) URLs to other protocols and port numbers. It could also leak...
CVE-2022-22576 Medium Yes Authentication bypass
libcurl might reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for...
References
https://curl.se/docs/CVE-2022-22576.html
https://curl.se/docs/CVE-2022-27774.html
https://curl.se/docs/CVE-2022-27775.html
https://curl.se/docs/CVE-2022-27776.html