CVE-2022-27781

Updated: 2024-11-24 05:26:58.532944

Description:

libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

|  | Severity | Score |
| --- | --- | --- |
| CVSS Version 2.x | MEDIUM | 5 |
| CVSS Version 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| AlmaLinux 9.2 ESU | curl | 7.76.1 | 7.5 | HIGH | Not Vulnerable | | 2023-11-08 08:36:05 | |
| CentOS 6 ELS | curl | 7.19.7 | 7.5 | HIGH | Not Vulnerable | | 2022-06-26 17:43:17 | |
| CentOS 7 ELS | curl | 7.29.0 | 7.5 | HIGH | Not Vulnerable | | 2023-10-09 09:37:37 | |
| CentOS 8.4 ELS | curl | 7.61.1 | 7.5 | HIGH | Released | CLSA-2022:1656430138 | 2022-06-28 11:50:08 | |
| CentOS 8.5 ELS | curl | 7.61.1 | 7.5 | HIGH | Released | CLSA-2022:1656430292 | 2022-06-28 11:50:08 | |
| CloudLinux 6 ELS | curl | 7.19.7 | 7.5 | HIGH | Not Vulnerable | | 2022-06-26 17:43:17 | |
| Oracle Linux 6 ELS | curl | 7.19.7 | 7.5 | HIGH | Not Vulnerable | | 2022-06-26 17:43:17 | |
| Ubuntu 16.04 ELS | curl | 7.47.0 | 7.5 | HIGH | Released | CLSA-2022:1656430897 | 2022-06-28 11:50:08 | |
| Ubuntu 18.04 ELS | curl | 7.58.0-2 | 7.5 | HIGH | Already Fixed | | 2023-06-02 09:10:39 | |