Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-27774

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.

Related bugs and status

CVE-2022-27774 (Candidate) is related to these bugs:

Bug #1940528: curl 7.68 does not init OpenSSL correctly

		In	Importance	Status
1940528	curl 7.68 does not init OpenSSL correctly	curl (Ubuntu)	Undecided	Fix Released
1940528	curl 7.68 does not init OpenSSL correctly	curl (Ubuntu Bionic)	Undecided	New
1940528	curl 7.68 does not init OpenSSL correctly	curl (Ubuntu Focal)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://hackerone.com/...
CONFIRM: https://security.netap...
DEBIAN: DSA-5197
GENTOO: GLSA-202212-01
MLIST: [debian-lts-announce] ...