CVE-2022-27782

Updated: 2024-11-24 04:53:41.461719

Description:

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.


Links NIST CIRCL RHEL Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 5 |
| CVSS Version 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | curl | 7.76.1 | 7.5 | HIGH | Already Fixed | | 2023-11-08 08:36:04 | |
| CentOS 6 ELS | curl | 7.19.7 | 7.5 | HIGH | Released | CLSA-2022:1656961923 | 2022-07-18 14:48:57 | |
| CentOS 7 ELS | curl | 7.29.0 | 7.5 | HIGH | Released | CLSA-2023:1697816385 | 2023-10-20 14:08:21 | |
| CentOS 8.4 ELS | curl | 7.61.1 | 7.5 | HIGH | Released | CLSA-2022:1656430138 | 2022-06-28 11:50:11 | |
| CentOS 8.5 ELS | curl | 7.61.1 | 7.5 | HIGH | Released | CLSA-2022:1656430292 | 2022-06-28 11:50:10 | |
| CloudLinux 6 ELS | curl | 7.19.7 | 7.5 | HIGH | Released | CLSA-2022:1656961712 | 2022-07-18 14:48:55 | |
| Oracle Linux 6 ELS | curl | 7.19.7 | 7.5 | HIGH | Released | CLSA-2022:1656961578 | 2022-07-04 17:48:58 | |
| Ubuntu 16.04 ELS | curl | 7.47.0 | 7.5 | HIGH | Released | CLSA-2022:1656959369 | 2022-07-04 14:43:54 | |
| Ubuntu 18.04 ELS | curl | 7.58.0-2 | 7.5 | HIGH | Already Fixed | | 2023-06-02 09:10:39 | |