CVE-2022-27775 - log

CVE-2022-27775 edited at 27 Apr 2022 16:32:31
Description
+ flaws in libcurl's connection pool could lead to exposure of sensitive information to an unauthorized actor
- libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup.
-
- Due to errors in the logic, the config matching function did not take the IPv6 address zone id into account which could lead to libcurl reusing the wrong connection when one transfer uses a zone id and a subsequent transfer uses another (or no) zone id.
CVE-2022-27775 created at 27 Apr 2022 16:14:13
Severity
+ Low
Remote
+ Local
Type
+ Information disclosure
Description
+ libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup.
+
+ Due to errors in the logic, the config matching function did not take the IPv6 address zone id into account which could lead to libcurl reusing the wrong connection when one transfer uses a zone id and a subsequent transfer uses another (or no) zone id.
References
+ https://curl.se/docs/CVE-2022-27775.html
Notes
+ We are not aware of any exploit of this flaw.