Vulnerability Name: | CVE-2022-43551 (CCN-242798) | ||||||||||||
Assigned: | 2022-12-21 | ||||||||||||
Published: | 2022-12-21 | ||||||||||||
Updated: | 2023-04-27 | ||||||||||||
Summary: | cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass HSTS check. | ||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N)
| ||||||||||||
Vulnerability Consequences: | Bypass Security | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2022-43551 Source: CCN Type: Project curl Security Advisory, December 21 2022 CVE-2022-43551: Another HSTS bypass via IDN Source: XF Type: UNKNOWN curl-cve202243551-sec-bypass(242798) Source: support@hackerone.com Type: Exploit, Third Party Advisory support@hackerone.com Source: support@hackerone.com Type: Mailing List, Third Party Advisory support@hackerone.com Source: support@hackerone.com Type: UNKNOWN support@hackerone.com Source: CCN Type: IBM Security Bulletin 6857685 (QRadar WinCollect Agent) libcurl as used by IBM QRadar Wincollect agent is vulnerable to denial of service (CVE-2022-43552, CVE-2022-43551) Source: CCN Type: IBM Security Bulletin 6965816 (Spectrum Protect Plus) Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus Source: CCN Type: IBM Security Bulletin 6986573 (Safer Payments) Multiple publicly disclosed Libcurl vulnerabilities affect IBM Safer Payments Source: CCN Type: IBM Security Bulletin 7004263 (PowerSC) Multiple vulnerabilities in Curl affect PowerSC Source: CCN Type: IBM Security Bulletin 7005589 (Spectrum Protect Plus) Vulnerabilities in Apache Commons, Tomcat, Go, libcurl, OpenSSL, Python, Node.js, and Linux can affect IBM Spectrum Protect Plus. Source: CCN Type: IBM Security Bulletin 7008409 (AIX) Multiple vulnerabilities in cURL libcurl affect AIX Source: CCN Type: IBM Security Bulletin 7012459 (Spectrum Copy Data Management) Vulnerabilities in Golang, Python, postgresql, cURL libcurl might affect IBM Spectrum Copy Data Management | ||||||||||||
Vulnerable Configuration: | Configuration CCN 1:![]() | ||||||||||||
Oval Definitions | |||||||||||||
| |||||||||||||
BACK |