[GLSA-202212-01] curl: Multiple Vulnerabilities

Severity High
Affected Packages 1
Unaffected Packages 1
CVEs 25

Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

Background
A command line tool and library for transferring data with URLs.

Description
Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

Impact
Please review the referenced CVE identifiers for details.

Workaround
There is no known workaround at this time.

Resolution
All curl users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"

Package Affected Version
pkg:ebuild/net-misc/curl?distro=gentoo < 7.86.0
Package Unaffected Version
pkg:ebuild/net-misc/curl?distro=gentoo >= 7.86.0
ID
GLSA-202212-01
Severity
high
URL
https://security.gentoo.org/glsa/202212-01
Published
2022-12-19T00:00:00
Modified
2022-12-19T00:00:00
Rights
Gentoo Foundation, Inc.
Other Advisories
Source # ID Name URL
CVE CVE-2021-22922 CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922
CVE CVE-2021-22923 CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923
CVE CVE-2021-22925 CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925
CVE CVE-2021-22926 CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926
CVE CVE-2021-22945 CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945
CVE CVE-2021-22946 CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946
CVE CVE-2021-22947 CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947
CVE CVE-2022-22576 CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576
CVE CVE-2022-27774 CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774
CVE CVE-2022-27775 CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775
CVE CVE-2022-27776 CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776
CVE CVE-2022-27779 CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779
CVE CVE-2022-27780 CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780
CVE CVE-2022-27781 CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781
CVE CVE-2022-27782 CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782
CVE CVE-2022-30115 CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115
CVE CVE-2022-32205 CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205
CVE CVE-2022-32206 CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206
CVE CVE-2022-32207 CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207
CVE CVE-2022-32208 CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208
CVE CVE-2022-32221 CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221
CVE CVE-2022-35252 CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252
CVE CVE-2022-35260 CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260
CVE CVE-2022-42915 CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915
CVE CVE-2022-42916 CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916
Bugzilla 803308 Bugzilla #803308 https://bugs.gentoo.org/show_bug.cgi?id=803308
Bugzilla 813270 Bugzilla #813270 https://bugs.gentoo.org/show_bug.cgi?id=813270
Bugzilla 841302 Bugzilla #841302 https://bugs.gentoo.org/show_bug.cgi?id=841302
Bugzilla 843824 Bugzilla #843824 https://bugs.gentoo.org/show_bug.cgi?id=843824
Bugzilla 854708 Bugzilla #854708 https://bugs.gentoo.org/show_bug.cgi?id=854708
Bugzilla 867679 Bugzilla #867679 https://bugs.gentoo.org/show_bug.cgi?id=867679
Bugzilla 878365 Bugzilla #878365 https://bugs.gentoo.org/show_bug.cgi?id=878365
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:ebuild/net-misc/curl?distro=gentoo net-misc curl < 7.86.0 gentoo
Unaffected pkg:ebuild/net-misc/curl?distro=gentoo net-misc curl >= 7.86.0 gentoo