[USN-5702-2] curl vulnerability

Severity Medium

Affected Packages 16

CVEs 1

curl could crash if it received a specially crafted POST operations after PUT operations.

USN-5702-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Robby Simpson discovered that curl incorrectly handled certain POST
operations after PUT operations. This issue could cause applications using
curl to send the wrong data, perform incorrect memory operations, or crash.
(CVE-2022-32221)

Package	Affected Version
pkg:deb/ubuntu/libcurl4-openssl-dev?distro=xenial	< 7.47.0-1ubuntu2.19+esm6
pkg:deb/ubuntu/libcurl4-openssl-dev?distro=trusty	< 7.35.0-1ubuntu2.20+esm13
pkg:deb/ubuntu/libcurl4-nss-dev?distro=xenial	< 7.47.0-1ubuntu2.19+esm6
pkg:deb/ubuntu/libcurl4-nss-dev?distro=trusty	< 7.35.0-1ubuntu2.20+esm13
pkg:deb/ubuntu/libcurl4-gnutls-dev?distro=xenial	< 7.47.0-1ubuntu2.19+esm6
pkg:deb/ubuntu/libcurl4-gnutls-dev?distro=trusty	< 7.35.0-1ubuntu2.20+esm13
pkg:deb/ubuntu/libcurl4-doc?distro=xenial	< 7.47.0-1ubuntu2.19+esm6
pkg:deb/ubuntu/libcurl4-doc?distro=trusty	< 7.35.0-1ubuntu2.20+esm13
pkg:deb/ubuntu/libcurl3?distro=xenial	< 7.47.0-1ubuntu2.19+esm6
pkg:deb/ubuntu/libcurl3?distro=trusty	< 7.35.0-1ubuntu2.20+esm13
pkg:deb/ubuntu/libcurl3-nss?distro=xenial	< 7.47.0-1ubuntu2.19+esm6
pkg:deb/ubuntu/libcurl3-nss?distro=trusty	< 7.35.0-1ubuntu2.20+esm13
pkg:deb/ubuntu/libcurl3-gnutls?distro=xenial	< 7.47.0-1ubuntu2.19+esm6
pkg:deb/ubuntu/libcurl3-gnutls?distro=trusty	< 7.35.0-1ubuntu2.20+esm13
pkg:deb/ubuntu/curl?distro=xenial	< 7.47.0-1ubuntu2.19+esm6
pkg:deb/ubuntu/curl?distro=trusty	< 7.35.0-1ubuntu2.20+esm13

ID

USN-5702-2

Severity

medium

URL

https://ubuntu.com/security/notices/USN-5702-2

Published

2022-10-26T19:33:46
(23 months ago)

Modified

2022-10-26T19:33:46
(23 months ago)

Other Advisories

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:deb/ubuntu/libcurl4-openssl-dev?distro=xenial	ubuntu	libcurl4-openssl-dev	< 7.47.0-1ubuntu2.19+esm6	xenial
Affected	pkg:deb/ubuntu/libcurl4-openssl-dev?distro=trusty	ubuntu	libcurl4-openssl-dev	< 7.35.0-1ubuntu2.20+esm13	trusty
Affected	pkg:deb/ubuntu/libcurl4-nss-dev?distro=xenial	ubuntu	libcurl4-nss-dev	< 7.47.0-1ubuntu2.19+esm6	xenial
Affected	pkg:deb/ubuntu/libcurl4-nss-dev?distro=trusty	ubuntu	libcurl4-nss-dev	< 7.35.0-1ubuntu2.20+esm13	trusty
Affected	pkg:deb/ubuntu/libcurl4-gnutls-dev?distro=xenial	ubuntu	libcurl4-gnutls-dev	< 7.47.0-1ubuntu2.19+esm6	xenial
Affected	pkg:deb/ubuntu/libcurl4-gnutls-dev?distro=trusty	ubuntu	libcurl4-gnutls-dev	< 7.35.0-1ubuntu2.20+esm13	trusty
Affected	pkg:deb/ubuntu/libcurl4-doc?distro=xenial	ubuntu	libcurl4-doc	< 7.47.0-1ubuntu2.19+esm6	xenial
Affected	pkg:deb/ubuntu/libcurl4-doc?distro=trusty	ubuntu	libcurl4-doc	< 7.35.0-1ubuntu2.20+esm13	trusty
Affected	pkg:deb/ubuntu/libcurl3?distro=xenial	ubuntu	libcurl3	< 7.47.0-1ubuntu2.19+esm6	xenial
Affected	pkg:deb/ubuntu/libcurl3?distro=trusty	ubuntu	libcurl3	< 7.35.0-1ubuntu2.20+esm13	trusty
Affected	pkg:deb/ubuntu/libcurl3-nss?distro=xenial	ubuntu	libcurl3-nss	< 7.47.0-1ubuntu2.19+esm6	xenial
Affected	pkg:deb/ubuntu/libcurl3-nss?distro=trusty	ubuntu	libcurl3-nss	< 7.35.0-1ubuntu2.20+esm13	trusty
Affected	pkg:deb/ubuntu/libcurl3-gnutls?distro=xenial	ubuntu	libcurl3-gnutls	< 7.47.0-1ubuntu2.19+esm6	xenial
Affected	pkg:deb/ubuntu/libcurl3-gnutls?distro=trusty	ubuntu	libcurl3-gnutls	< 7.35.0-1ubuntu2.20+esm13	trusty
Affected	pkg:deb/ubuntu/curl?distro=xenial	ubuntu	curl	< 7.47.0-1ubuntu2.19+esm6	xenial
Affected	pkg:deb/ubuntu/curl?distro=trusty	ubuntu	curl	< 7.35.0-1ubuntu2.20+esm13	trusty

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date