[CURL-CVE-2022-32221] POST following PUT confusion
Severity
Medium
Affected Packages
159
Fixed Packages
1
CVEs
1
When doing HTTP(S) transfers, libcurl might erroneously use the read callback
(CURLOPT_READFUNCTION) to ask for data to send, even when the
CURLOPT_POSTFIELDS option has been set, if the same handle previously was
used to issue a PUT request which used that callback.
This flaw may surprise the application and cause it to misbehave and either
send off the wrong data or use memory after free or similar in the subsequent
POST request.
The problem exists in the logic for a reused handle when it is changed from a
PUT to a POST.
| Package | Fixed Version |
|---|---|
 pkg:generic/curl
|
= 7.86.0 |
- ID
- CURL-CVE-2022-32221
- Severity
- medium
- URL
- https://curl.se/docs/CVE-2022-32221.html
- Published
-
2022-10-26T08:00:00
(23 months ago) - Modified
-
2023-05-10T00:37:06
(16 months ago) - Rights
- The cURL project
- Other Advisories
-
-
ALAS2-2022-1882
-
ALPINE:CVE-2022-32221
-
ALSA-2023:0333
-
DSA-5330-1
-
ELSA-2023-0333
-
FEDORA-2022-39688a779d
-
FEDORA-2022-e9d65906c4
-
FREEBSD:0F99A30C-7B4B-11ED-9168-080027F5FEC9
-
FREEBSD:DC49F6DC-99D2-11ED-86E9-D4C9EF517024
-
GLSA-202212-01
-
RHSA-2023:0333
-
RLSA-2023:0333
-
SSA:2022-299-01
-
SUSE-SU-2022:3769-1
-
SUSE-SU-2022:3770-1
-
SUSE-SU-2022:3772-1
-
SUSE-SU-2022:3773-1
-
SUSE-SU-2022:3774-1
-
SUSE-SU-2022:3785-1
-
USN-5702-1
-
USN-5702-2
-
USN-5823-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| cURL Project | CURL-CVE-2022-32221 | Security Advisory |
|
| cURL Project | CURL-CVE-2022-32221 | Security Advisory |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Fixed | pkg:generic/curl | curl | = 7.86.0 | ||||
| Affected | pkg:generic/curl | curl | >= 7.7 < 7.86.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.85.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.84.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.83.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.83.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.82.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.81.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.80.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.79.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.79.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.78.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.77.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.76.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.76.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.75.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.74.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.73.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.72.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.71.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.71.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.70.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.69.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.69.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.68.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.67.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.66.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.65.3 | ||||
| Affected | pkg:generic/curl | curl | = 7.65.2 | ||||
| Affected | pkg:generic/curl | curl | = 7.65.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.65.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.64.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.64.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.63.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.62.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.61.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.61.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.60.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.59.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.58.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.57.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.56.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.56.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.55.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.55.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.54.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.54.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.53.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.53.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.52.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.52.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.51.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.50.3 | ||||
| Affected | pkg:generic/curl | curl | = 7.50.2 | ||||
| Affected | pkg:generic/curl | curl | = 7.50.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.50.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.49.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.49.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.48.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.47.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.47.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.46.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.45.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.44.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.43.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.42.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.42.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.41.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.40.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.39.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.38.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.37.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.37.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.36.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.35.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.34.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.33.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.32.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.31.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.30.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.29.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.28.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.28.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.27.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.26.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.25.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.24.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.23.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.23.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.22.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.21.7 | ||||
| Affected | pkg:generic/curl | curl | = 7.21.6 | ||||
| Affected | pkg:generic/curl | curl | = 7.21.5 | ||||
| Affected | pkg:generic/curl | curl | = 7.21.4 | ||||
| Affected | pkg:generic/curl | curl | = 7.21.3 | ||||
| Affected | pkg:generic/curl | curl | = 7.21.2 | ||||
| Affected | pkg:generic/curl | curl | = 7.21.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.21.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.20.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.20.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.19.7 | ||||
| Affected | pkg:generic/curl | curl | = 7.19.6 | ||||
| Affected | pkg:generic/curl | curl | = 7.19.5 | ||||
| Affected | pkg:generic/curl | curl | = 7.19.4 | ||||
| Affected | pkg:generic/curl | curl | = 7.19.3 | ||||
| Affected | pkg:generic/curl | curl | = 7.19.2 | ||||
| Affected | pkg:generic/curl | curl | = 7.19.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.19.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.18.2 | ||||
| Affected | pkg:generic/curl | curl | = 7.18.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.18.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.17.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.17.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.16.4 | ||||
| Affected | pkg:generic/curl | curl | = 7.16.3 | ||||
| Affected | pkg:generic/curl | curl | = 7.16.2 | ||||
| Affected | pkg:generic/curl | curl | = 7.16.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.16.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.15.5 | ||||
| Affected | pkg:generic/curl | curl | = 7.15.4 | ||||
| Affected | pkg:generic/curl | curl | = 7.15.3 | ||||
| Affected | pkg:generic/curl | curl | = 7.15.2 | ||||
| Affected | pkg:generic/curl | curl | = 7.15.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.15.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.14.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.14.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.13.2 | ||||
| Affected | pkg:generic/curl | curl | = 7.13.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.13.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.12.3 | ||||
| Affected | pkg:generic/curl | curl | = 7.12.2 | ||||
| Affected | pkg:generic/curl | curl | = 7.12.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.12.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.11.2 | ||||
| Affected | pkg:generic/curl | curl | = 7.11.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.11.0 | ||||
| Affected | pkg:generic/curl | curl | = 7.10.8 | ||||
| Affected | pkg:generic/curl | curl | = 7.10.7 | ||||
| Affected | pkg:generic/curl | curl | = 7.10.6 | ||||
| Affected | pkg:generic/curl | curl | = 7.10.5 | ||||
| Affected | pkg:generic/curl | curl | = 7.10.4 | ||||
| Affected | pkg:generic/curl | curl | = 7.10.3 | ||||
| Affected | pkg:generic/curl | curl | = 7.10.2 | ||||
| Affected | pkg:generic/curl | curl | = 7.10.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.10 | ||||
| Affected | pkg:generic/curl | curl | = 7.9.8 | ||||
| Affected | pkg:generic/curl | curl | = 7.9.7 | ||||
| Affected | pkg:generic/curl | curl | = 7.9.6 | ||||
| Affected | pkg:generic/curl | curl | = 7.9.5 | ||||
| Affected | pkg:generic/curl | curl | = 7.9.4 | ||||
| Affected | pkg:generic/curl | curl | = 7.9.3 | ||||
| Affected | pkg:generic/curl | curl | = 7.9.2 | ||||
| Affected | pkg:generic/curl | curl | = 7.9.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.9 | ||||
| Affected | pkg:generic/curl | curl | = 7.8.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.8 | ||||
| Affected | pkg:generic/curl | curl | = 7.7.3 | ||||
| Affected | pkg:generic/curl | curl | = 7.7.2 | ||||
| Affected | pkg:generic/curl | curl | = 7.7.1 | ||||
| Affected | pkg:generic/curl | curl | = 7.7 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |