SB20220511103 - Fedora 36 update for curl
Published: May 11, 2022
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Incorrect Implementation of Authentication Algorithm (CVE-ID: CVE-2022-27782)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several TLS and SSH settings were left out of the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send an authentication string from one resource to another, exposing credentials to a third party.
2) Information disclosure (CVE-ID: CVE-2022-27779)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. As a result, an attacker can create cookie files that are later sent to a different and unrelated site or domain.
3) Cleartext transmission of sensitive information (CVE-ID: CVE-2022-30115)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error in the HSTS implementation that can allow curl to continue using the HTTP protocol instead of HTTPS if the host name in the given URL uses a trailing dot while the entry built into the HSTS cache did not use one. A remote attacker with the ability to intercept traffic can obtain potentially sensitive information.
4) Input validation error (CVE-ID: CVE-2022-27780)
The vulnerability allows a remote attacker to bypass filters and checks.
The vulnerability exists because the curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. For example, a URL like http://example.com%2F10.0.0.1/ would be allowed by the parser and get transposed into http://example.com/10.0.0.1/.
A remote attacker can bypass various internal filters and checks and force curl to connect to a wrong web application.
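Added example (not part of the original bulletin and not curl's own code): a pre-check an application can run on URLs before handing them to a curl build that has not yet been updated, covering the trailing-dot cases in items 2 and 3 and the percent-encoded host in item 4. The function names, the allow-list and the HSTS set are hypothetical, and treating "example.com." and "example.com" as the same host is this example's assumption.

```python
from urllib.parse import urlsplit


class UnsafeHost(ValueError):
    """The host part of a URL is ambiguous and should not be passed on."""


def canonical_host(url):
    """Return the host as written in the URL, lowercased, without a trailing dot.

    Raises UnsafeHost if the host contains a percent-encoded byte, because an
    affected parser may decode it (%2F -> '/') and end up on another host.
    """
    netloc = urlsplit(url).netloc
    host = netloc.rsplit("@", 1)[-1]           # drop any userinfo
    if host.startswith("["):                   # IPv6 literal: keep brackets, drop port
        return host[: host.index("]") + 1].lower()
    host = host.split(":", 1)[0]               # drop port
    if "%" in host:
        raise UnsafeHost(f"percent-encoding in host of {url!r}")
    host = host.lower()
    if host.endswith("."):
        host = host[:-1]                       # assumption: "example.com." == "example.com"
    if not host or host.endswith("."):
        raise UnsafeHost(f"empty or malformed host in {url!r}")
    return host


def is_allowed(url, allowed_hosts):
    """Allow-list check on the canonical host; ambiguous hosts are refused."""
    try:
        return canonical_host(url) in allowed_hosts
    except ValueError:                         # UnsafeHost or a urlsplit parse error
        return False


def must_upgrade(url, hsts_hosts):
    """True if an http:// URL targets a host recorded in the HSTS set."""
    return urlsplit(url).scheme == "http" and canonical_host(url) in hsts_hosts


if __name__ == "__main__":
    # Constructed sample data; the URL in the last entry is the bulletin's own example.
    allowed = {"example.com"}
    for u in ("http://example.com/", "http://example.com./",
              "http://example.com%2F10.0.0.1/"):
        print(u, "->", "allowed" if is_allowed(u, allowed) else "refused")
    print("upgrade to https:", must_upgrade("http://example.com./login", allowed))
```
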
Remediation
Install the update from the vendor's website.