[CURL-CVE-2022-27778] curl removes wrong file on error

Severity: Medium
Affected Packages: 2
Fixed Packages: 1
CVEs: 1

curl might remove the wrong file when --no-clobber is used together with
--remove-on-error.

The --remove-on-error option tells curl to remove the output file when it
returns an error, and not leave a partial file behind. The --no-clobber
option prevents curl from overwriting a file if it already exists, and instead
appends a number to the name to create a new unused filename.

If curl adds a number to avoid "clobbering" the output and an error occurs
during the transfer, the remove-on-error logic would remove the file with the
original filename, without the added number.
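
The flaw described above, as a small added model that is not curl's source code: the function names, the ".N" suffix format and the report.txt filename are assumptions made for illustration. scenario() returns 2 for the flawed cleanup (pre-existing file deleted, partial file left behind) and 1 for the corrected cleanup (pre-existing file kept, partial file removed).

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open an output file without overwriting: try "name", then "name.1", ...
   The name actually opened is left in `used` (".N" suffix is an assumption). */
static int open_noclobber(const char *name, char *used, size_t len)
{
  snprintf(used, len, "%s", name);
  for(int n = 1; n <= 100; n++) {
    int fd = open(used, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if(fd >= 0)
      return fd;
    snprintf(used, len, "%s.%d", name, n);   /* next candidate name */
  }
  return -1;
}

/* A transfer that fails after writing partial data, with both options on.
   fixed == 0 unlinks the requested name; fixed != 0 unlinks the opened name. */
static int failed_transfer(const char *requested, int fixed)
{
  char used[128];
  int fd = open_noclobber(requested, used, sizeof(used));
  if(fd < 0) return -1;
  if(write(fd, "partial", 7) != 7) { close(fd); return -1; }
  close(fd);
  return unlink(fixed ? used : requested);   /* the remove-on-error step */
}

/* Run one case in a scratch directory. Bit 0 of the result is set if the
   pre-existing file survived, bit 1 if the partial file was left behind. */
static int scenario(int fixed)
{
  char dir[40], orig[64], part[64];
  snprintf(dir, sizeof(dir), "/tmp/noclobber-%ld-%d", (long)getpid(), fixed);
  if(mkdir(dir, 0700)) return -1;
  snprintf(orig, sizeof(orig), "%s/report.txt", dir);
  snprintf(part, sizeof(part), "%s/report.txt.1", dir);
  close(open(orig, O_WRONLY | O_CREAT, 0600));   /* the user's existing file */
  failed_transfer(orig, fixed);
  int result = (access(orig, F_OK) == 0) | ((access(part, F_OK) == 0) << 1);
  unlink(orig); unlink(part); rmdir(dir);
  return result;
}

int main(void)
{
  return printf("flawed: %d  corrected: %d\n", scenario(0), scenario(1)) < 0;
}
```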

Affected versions:
pkg:generic/curl >= 7.83.0, < 7.83.1
pkg:generic/curl = 7.83.0

Fixed versions:
pkg:generic/curl = 7.83.1

ID: CURL-CVE-2022-27778
Severity: medium
URL: https://curl.se/docs/CVE-2022-27778.html
Published: 2022-05-11T08:00:00
Modified: 2024-06-07T13:53:51
Rights: The cURL project

Other Advisories:
cURL Project, CURL-CVE-2022-27778, Security Advisory: https://curl.se/docs/CVE-2022-27778.html
cURL Project, CURL-CVE-2022-27778, Security Advisory: https://curl.se/docs/CVE-2022-27778.json

Type      Package URL       Name / Product  Version
Fixed     pkg:generic/curl  curl            = 7.83.1
Affected  pkg:generic/curl  curl            >= 7.83.0, < 7.83.1
Affected  pkg:generic/curl  curl            = 7.83.0