[USN-5702-2] curl vulnerability
Severity
Medium
Affected Packages
16
CVEs
1
curl could crash if it received a specially crafted POST operations after PUT operations.
USN-5702-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Robby Simpson discovered that curl incorrectly handled certain POST
operations after PUT operations. This issue could cause applications using
curl to send the wrong data, perform incorrect memory operations, or crash.
(CVE-2022-32221)
- ID
- USN-5702-2
- Severity
- medium
- URL
- https://ubuntu.com/security/notices/USN-5702-2
- Published
-
2022-10-26T19:33:46
(23 months ago) - Modified
-
2022-10-26T19:33:46
(23 months ago) - Other Advisories
-
- ALAS2-2022-1882
- ALPINE:CVE-2022-32221
- ALSA-2023:0333
- CURL-CVE-2022-32221
- DSA-5330-1
- ELSA-2023-0333
- FEDORA-2022-39688a779d
- FEDORA-2022-e9d65906c4
- FREEBSD:0F99A30C-7B4B-11ED-9168-080027F5FEC9
- FREEBSD:DC49F6DC-99D2-11ED-86E9-D4C9EF517024
- GLSA-202212-01
- RHSA-2023:0333
- RLSA-2023:0333
- SSA:2022-299-01
- SUSE-SU-2022:3769-1
- SUSE-SU-2022:3770-1
- SUSE-SU-2022:3772-1
- SUSE-SU-2022:3773-1
- SUSE-SU-2022:3774-1
- SUSE-SU-2022:3785-1
- USN-5702-1
- USN-5823-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/libcurl4-openssl-dev?distro=xenial | ubuntu | libcurl4-openssl-dev | < 7.47.0-1ubuntu2.19+esm6 | xenial | ||
Affected | pkg:deb/ubuntu/libcurl4-openssl-dev?distro=trusty | ubuntu | libcurl4-openssl-dev | < 7.35.0-1ubuntu2.20+esm13 | trusty | ||
Affected | pkg:deb/ubuntu/libcurl4-nss-dev?distro=xenial | ubuntu | libcurl4-nss-dev | < 7.47.0-1ubuntu2.19+esm6 | xenial | ||
Affected | pkg:deb/ubuntu/libcurl4-nss-dev?distro=trusty | ubuntu | libcurl4-nss-dev | < 7.35.0-1ubuntu2.20+esm13 | trusty | ||
Affected | pkg:deb/ubuntu/libcurl4-gnutls-dev?distro=xenial | ubuntu | libcurl4-gnutls-dev | < 7.47.0-1ubuntu2.19+esm6 | xenial | ||
Affected | pkg:deb/ubuntu/libcurl4-gnutls-dev?distro=trusty | ubuntu | libcurl4-gnutls-dev | < 7.35.0-1ubuntu2.20+esm13 | trusty | ||
Affected | pkg:deb/ubuntu/libcurl4-doc?distro=xenial | ubuntu | libcurl4-doc | < 7.47.0-1ubuntu2.19+esm6 | xenial | ||
Affected | pkg:deb/ubuntu/libcurl4-doc?distro=trusty | ubuntu | libcurl4-doc | < 7.35.0-1ubuntu2.20+esm13 | trusty | ||
Affected | pkg:deb/ubuntu/libcurl3?distro=xenial | ubuntu | libcurl3 | < 7.47.0-1ubuntu2.19+esm6 | xenial | ||
Affected | pkg:deb/ubuntu/libcurl3?distro=trusty | ubuntu | libcurl3 | < 7.35.0-1ubuntu2.20+esm13 | trusty | ||
Affected | pkg:deb/ubuntu/libcurl3-nss?distro=xenial | ubuntu | libcurl3-nss | < 7.47.0-1ubuntu2.19+esm6 | xenial | ||
Affected | pkg:deb/ubuntu/libcurl3-nss?distro=trusty | ubuntu | libcurl3-nss | < 7.35.0-1ubuntu2.20+esm13 | trusty | ||
Affected | pkg:deb/ubuntu/libcurl3-gnutls?distro=xenial | ubuntu | libcurl3-gnutls | < 7.47.0-1ubuntu2.19+esm6 | xenial | ||
Affected | pkg:deb/ubuntu/libcurl3-gnutls?distro=trusty | ubuntu | libcurl3-gnutls | < 7.35.0-1ubuntu2.20+esm13 | trusty | ||
Affected | pkg:deb/ubuntu/curl?distro=xenial | ubuntu | curl | < 7.47.0-1ubuntu2.19+esm6 | xenial | ||
Affected | pkg:deb/ubuntu/curl?distro=trusty | ubuntu | curl | < 7.35.0-1ubuntu2.20+esm13 | trusty |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |