Vulnerability Name:

CVE-2022-27782 (CCN-226252)

Assigned:2022-05-11
Published:2022-05-11
Updated:2023-03-20
Summary:libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-295
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2022-27782

Source: support@hackerone.com
Type: UNKNOWN
support@hackerone.com

Source: CCN
Type: Project curl Security Advisory, May 11 2022
TLS and SSH connection too eager reuse

Source: XF
Type: UNKNOWN
curl-cve202227782-sec-bypass(226252)

Source: support@hackerone.com
Type: Exploit, Third Party Advisory
support@hackerone.com

Source: support@hackerone.com
Type: Mailing List, Third Party Advisory
support@hackerone.com

Source: support@hackerone.com
Type: Third Party Advisory
support@hackerone.com

Source: support@hackerone.com
Type: Third Party Advisory
support@hackerone.com

Source: support@hackerone.com
Type: Mailing List, Third Party Advisory
support@hackerone.com

Source: CCN
Type: IBM Security Bulletin 6606577 (Rational ClearCase)
Vulnerability in libcURL affect IBM Rational ClearCase ( CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27782, CVE-2022-30115, CVE-2022-27774 )

Source: CCN
Type: IBM Security Bulletin 6611147 (MQ Operator)
IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty

Source: CCN
Type: IBM Security Bulletin 6615217 (Robotic Process Automation for Cloud Pak)
Multiple vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Source: CCN
Type: IBM Security Bulletin 6620211 (Spectrum Protect Plus)
Vulnerabilities in libcurl may affect IBM Spectrum Protect Plus (CVE-2021-22946, CVE-2022-27782, CVE-2022-27774, CVE-2022-22576, CVE-2021-22947, CVE-2022-27776)

Source: CCN
Type: IBM Security Bulletin 6620213 (Spectrum Copy Data Management)
Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-27782, CVE-2022-27774, CVE-2021-22947, CVE-2022-22576, CVE-2022-27776, CVE-2021-22946)

Source: CCN
Type: IBM Security Bulletin 6621463 (Spectrum Protect Plus)
Vulnerabilities in libcurl affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents

Source: CCN
Type: IBM Security Bulletin 6823211 (PowerSC)
Multiple vulnerabilities in Curl affect PowerSC

Source: CCN
Type: IBM Security Bulletin 6826101 (MaaS360 Cloud Extender)
IBM MaaS360 Cloud Extender Agent and Base Module use libcurl with multiple known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6836917 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container operands may be vulnerable to bypassing access restrictions due to [CVE-2022-27782]

Source: CCN
Type: IBM Security Bulletin 6843883 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in cURL libcurl (CVE-2022-27782)

Source: CCN
Type: IBM Security Bulletin 6848225 (Netcool Operations Insight)
Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6854981 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6984347 (Engineering Requirements Management DOORS)
IBM Engineering Requirements Management DOORS/DWA vulnerabilities fixes for 9.7.2.6

Source: CCN
Type: IBM Security Bulletin 7008409 (AIX)
Multiple vulnerabilities in cURL libcurl affect AIX

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearcase:8.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearcase:9.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_copy_data_management:2.2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.6.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7476
    P
    		curl-8.0.1-150400.5.23.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:125779
    P
    		Security update for curl (Important)
    2022-08-16
    oval:org.opensuse.security:def:126943
    P
    		Security update for curl (Important)
    2022-08-16
    oval:org.opensuse.security:def:127341
    P
    		Security update for curl (Important)
    2022-08-16
    oval:com.redhat.rhsa:def:20225245
    P
    		RHSA-2022:5245: curl security update (Moderate)
    2022-07-01
    oval:com.redhat.rhsa:def:20225313
    P
    		RHSA-2022:5313: curl security update (Moderate)
    2022-06-30
    oval:org.opensuse.security:def:94532
    P
    		curl-7.79.1-150400.3.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2902
    P
    		curl-7.79.1-150400.3.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:903
    P
    		Security update for curl (Important)
    2022-05-27
    oval:org.opensuse.security:def:119216
    P
    		Security update for curl (Important)
    2022-05-27
    oval:org.opensuse.security:def:42294
    P
    		Security update for curl (Important)
    2022-05-27
    oval:org.opensuse.security:def:119406
    P
    		Security update for curl (Important)
    2022-05-27
    oval:org.opensuse.security:def:42392
    P
    		Security update for curl (Important)
    2022-05-27
    oval:org.opensuse.security:def:118720
    P
    		Security update for curl (Important)
    2022-05-27
    oval:org.opensuse.security:def:119591
    P
    		Security update for curl (Important)
    2022-05-27
    oval:org.opensuse.security:def:118910
    P
    		Security update for curl (Important)
    2022-05-27
    oval:org.opensuse.security:def:5256
    P
    		Security update for curl (Important)
    2022-05-23
    oval:org.opensuse.security:def:6050
    P
    		Security update for curl (Important)
    2022-05-23
    BACK
    ibm rational clearcase 8.0.1
    ibm rational clearcase 8.0.0
    ibm rational clearcase 9.0.1
    ibm spectrum protect plus 10.1.0
    ibm spectrum copy data management 2.2.0.0
    ibm app connect enterprise certified container 4.1
    ibm app connect enterprise certified container 4.2
    ibm robotic process automation for cloud pak 21.0.1
    ibm robotic process automation for cloud pak 21.0.2
    ibm cloud pak for security 1.10.0.0
    ibm app connect enterprise certified container 5.0
    ibm cloud pak for security 1.10.6.0