[FEDORA-2022-e9d65906c4] Fedora 37: curl

Severity Critical
Affected Packages 1
CVEs 4
  • url: use IDN decoded names for HSTS checks (CVE-2022-42916)
  • http_proxy: restore the protocol pointer on error (CVE-2022-42915)
  • netrc: replace XXXXX with Curl_get_line (CVE-2022-35260)
  • fix POST following PUT confusion (CVE-2022-32221)
Package Affected Version
pkg:rpm/fedora/curl?distro=fedora-37 < 7.85.0.2.fc37
Source # ID Name URL
Bugzilla 2137769 Bug #2137769 - CVE-2022-42916 curl: HSTS bypass via IDN [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2137769
Bugzilla 2138111 Bug #2138111 - CVE-2022-42915 curl: HTTP proxy double-free [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2138111
Bugzilla 2137780 Bug #2137780 - CVE-2022-32221 curl: POST following PUT confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2137780
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/fedora/curl?distro=fedora-37 fedora curl < 7.85.0.2.fc37 fedora-37