| Severity |
|
| Remote |
|
| Type |
|
| Description |
| + |
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a TLS server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information |
|
| References |
| + |
https://seclists.org/oss-sec/2022/q2/95 |
| + |
https://curl.se/docs/CVE-2022-27781.html |
| + |
https://github.com/curl/curl/commit/5c7da89d404bf59 |
| + |
https://github.com/curl/curl/commit/f6c335d63f |
|
| Notes |
| + |
Affected versions: curl 7.34.0 to and including 7.83.0 |
| + |
Not affected versions: curl < 7.34.0 and curl >= 7.83.1 |
|