CVE-2022-27782 Vulnerability Details

  /     /     /  

CVE-2022-27782 Metadata Quick Info

CVE Published: 01/06/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: hackerone | Vendor: n/a | Product: https://github.com/curl/curl
Status : PUBLISHED

---

CVE-2022-27782 Description

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-840
CWE Name: Business Logic Errors (CWE-840)
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).