| Vulnerability Name: | CVE-2022-32221 (CCN-239058) | ||||||||||||||||||
| Assigned: | 2022-10-26 | ||||||||||||||||||
| Published: | 2022-10-26 | ||||||||||||||||||
| Updated: | 2023-05-17 | ||||||||||||||||||
| Summary: | cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when using the read callback (CURLOPT_READFUNCTION) to ask for data to send. By sending a specially-crafted request, an attacker could exploit this vulnerability to send wrong data or doing a use-after-free is not present in libcurl code. | ||||||||||||||||||
| CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C)
4.2 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||||
| CVSS v2 Severity: | 8.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:P)
| ||||||||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-32221 Source: support@hackerone.com Type: Third Party Advisory support@hackerone.com Source: support@hackerone.com Type: Third Party Advisory support@hackerone.com Source: support@hackerone.com Type: UNKNOWN support@hackerone.com Source: CCN Type: Project curl Security Advisory, October 26 2022 CVE-2022-32221: POST following PUT confusion Source: XF Type: UNKNOWN curl-cve202232221-sec-bypass(239058) Source: support@hackerone.com Type: Exploit, Issue Tracking, Third Party Advisory support@hackerone.com Source: support@hackerone.com Type: Mailing List, Third Party Advisory support@hackerone.com Source: support@hackerone.com Type: Third Party Advisory support@hackerone.com Source: support@hackerone.com Type: Third Party Advisory support@hackerone.com Source: support@hackerone.com Type: Third Party Advisory support@hackerone.com Source: support@hackerone.com Type: Third Party Advisory support@hackerone.com Source: support@hackerone.com Type: Third Party Advisory support@hackerone.com Source: support@hackerone.com Type: Third Party Advisory support@hackerone.com Source: CCN Type: IBM Security Bulletin 6840059 (ILOG CPLEX Optimization Studio) The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by multiple vulnerabilities in libcurl (CVE-2022-42915, CVE-2022-42916, CVE-2022-32221) Source: CCN Type: IBM Security Bulletin 6845365 (QRadar WinCollect Agent) IBM QRadar Wincollect agent is vulnerable to using components with know vulnerabilities Source: CCN Type: IBM Security Bulletin 6855601 (Rational ClearCase) Multiple vulnerabilities in libcURL affect IBM Rational ClearCase ( CVE-2022-42915, CVE-2022-42916, CVE-2022-32221, CVE-2022-35252, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207 ) Source: CCN Type: IBM Security Bulletin 6963308 (PowerSC) Multiple vulnerabilities in Curl affect PowerSC Source: CCN Type: IBM Security Bulletin 6984203 (InfoSphere Information Server) IBM InfoSphere Information Server is affected by a vulnerability in libcurl (CVE-2022-32221) Source: CCN Type: IBM Security Bulletin 6984347 (Engineering Requirements Management DOORS) IBM Engineering Requirements Management DOORS/DWA vulnerabilities fixes for 9.7.2.6 Source: CCN Type: IBM Security Bulletin 6998763 (AIX) AIX is vulnerable to security restrictions bypass due to curl (CVE-2022-32221) Source: CCN Type: IBM Security Bulletin 7013517 (App Connect Enterprise Certified Container) IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to security restrictions bypass due to [CVE-2022-32221], [CVE-2023-27533], [CVE-2023-28322] | ||||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||
| Oval Definitions | |||||||||||||||||||
| |||||||||||||||||||
| BACK | |||||||||||||||||||