[CURL-CVE-2022-27778] curl removes wrong file on error
Severity
Medium
Affected Packages
2
Fixed Packages
1
CVEs
1
curl might remove the wrong file when --no-clobber
is used together with
--remove-on-error
.
The --remove-on-error
option tells curl to remove the output file when it
returns an error, and not leave a partial file behind. The --no-clobber
option prevents curl from overwriting a file if it already exists, and instead
appends a number to the name to create a new unused filename.
If curl adds a number to not "clobber" the output and an error occurs during
transfer, the remove on error logic would remove the original filename
without the added number.
Package | Affected Version |
---|---|
pkg:generic/curl | >= 7.83.0, < 7.83.1 |
pkg:generic/curl | = 7.83.0 |
Package | Fixed Version |
---|---|
pkg:generic/curl | = 7.83.1 |
- ID
- CURL-CVE-2022-27778
- Severity
- medium
- URL
- https://curl.se/docs/CVE-2022-27778.html
- Published
-
2022-05-11T08:00:00
(2 years ago) - Modified
-
2024-06-07T13:53:51
(3 months ago) - Rights
- The cURL project
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
cURL Project | CURL-CVE-2022-27778 | Security Advisory | https://curl.se/docs/CVE-2022-27778.html |
cURL Project | CURL-CVE-2022-27778 | Security Advisory | https://curl.se/docs/CVE-2022-27778.json |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:generic/curl | curl | = 7.83.1 | ||||
Affected | pkg:generic/curl | curl | >= 7.83.0 < 7.83.1 | ||||
Affected | pkg:generic/curl | curl | = 7.83.0 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |