A use after free vulnerability exists in curl <7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.

CPENameOperatorVersion
curleq7.59.0-r1
curleq7.47.0-r0
curleq7.21.4-r1
curleq7.46.0-r1
curleq7.21.7-r2
curleq7.21.3-r0
curleq7.26.0-r0
curleq7.44.0-r0
curleq7.34.0-r1
curleq7.79.1-r1

Name	Operator	Version
curl	eq	7.59.0-r1
curl	eq	7.47.0-r0
curl	eq	7.21.4-r1
curl	eq	7.46.0-r1
curl	eq	7.21.7-r2
curl	eq	7.21.3-r0
curl	eq	7.26.0-r0
curl	eq	7.44.0-r0
curl	eq	7.34.0-r1
curl	eq	7.79.1-r1

Rows per page:

1-10 of 1571

References

seclists.org/fulldisclosure/2023/Mar/17

hackerone.com/reports/1764858

security.gentoo.org/glsa/202310-12

security.netapp.com/advisory/ntap-20230214-0002/

support.apple.com/kb/HT213670

ibm 20

redos 1

nessus 55

openvas 30

cbl_mariner 10

kaspersky 2

redhat 11

ubuntucve 1

debiancve 1

centos 1

cgr 1

alpinelinux 1

wolfi 1

prion 1

redhatcve 1

cvelist 1

f5 1

veracode 1

oraclelinux 3

mscve 1

cve 1

hackerone 1

osv 6

almalinux 2

mageia 1

ubuntu 2

fedora 2

cloudfoundry 1

photon 6

amazon 2

debian 2

rosalinux 1

ics 2

aix 1

gentoo 1

mskb 5

apple 1

tenable 1

avleonov 1

ibm

Security Bulletin: IBM Storage Ceph is vulnerable to Use After Free in RHEL (CVE-2022-43552 )

2024-01-18 21:00:02

Security Bulletin: IBM Storage Ceph is vulnerable to Use After Free in RHEL (CVE-2022-43552 )

2024-01-26 22:04:27

Security Bulletin: libcurl as used by IBM QRadar Wincollect agent is vulnerable to denial of service (CVE-2022-43552, CVE-2022-43551)

2023-01-25 19:11:03

redos

ROS-20230414-04

2023-04-14 00:00:00

nessus

CentOS 9 : curl-7.76.1-22.el9

2024-02-29 00:00:00

EulerOS 2.0 SP10 : curl (EulerOS-SA-2023-1522)

2023-03-19 00:00:00

CentOS 7 : curl (RHSA-2023:7743)

2023-12-22 00:00:00

openvas

CentOS: Security Advisory for curl (CESA-2023:7743)

2024-03-05 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1463)

2023-03-09 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1547)

2023-03-20 00:00:00

cbl_mariner

CVE-2022-43552 affecting package cmake for versions less than 3.28.2-1

2024-03-19 17:21:46

CVE-2022-43552 affecting package mysql for versions less than 8.0.33-1

2023-05-03 16:24:32

CVE-2022-43552 affecting package curl for versions less than 7.86.0-3

2023-02-01 18:10:08

kaspersky

KLA48562 ACE vulnerability in Microsoft Windows

2023-02-10 00:00:00

KLA48563 ACE vulnerability in Microsoft Mariner

2023-02-10 00:00:00

redhat

(RHSA-2023:7743) Low: curl security update

2023-12-12 16:01:33

(RHSA-2023:2478) Low: curl security update

2023-05-09 05:11:57

(RHSA-2023:2963) Low: curl security and bug fix update

2023-05-16 05:59:21

ubuntucve

CVE-2022-43552

2022-12-21 00:00:00

debiancve

CVE-2022-43552

2023-02-09 20:15:00

centos

curl, libcurl security update

2024-01-12 19:12:33

cgr

CVE-2022-43552 vulnerabilities

2024-05-19 03:07:16

alpinelinux

CVE-2022-43552

2023-02-09 20:15:00

wolfi

CVE-2022-43552 vulnerabilities

2024-05-19 21:07:16

prion

Path traversal

2023-02-09 20:15:00

redhatcve

CVE-2022-43552

2022-12-21 09:36:44

cvelist

CVE-2022-43552

2023-02-09 00:00:00

K000133092 : cURL vulnerability CVE-2022-43552

2023-03-21 00:00:00

veracode

Use-After-Free

2022-12-23 19:14:50

oraclelinux

curl security update

2023-12-12 00:00:00

curl security and bug fix update

2023-05-24 00:00:00

curl security update

2023-05-15 00:00:00

mscve

Open Source Curl Remote Code Execution Vulnerability

2023-02-10 00:00:00

cve

CVE-2022-43552

2023-02-09 20:15:00

hackerone

curl: CVE-2022-43552: HTTP Proxy deny use-after-free

2022-11-07 16:45:50

osv

curl vulnerabilities

2023-01-05 17:15:18

curl - security update

2023-01-27 00:00:00

Low: curl security update

2023-05-09 00:00:00

almalinux

Low: curl security and bug fix update

2023-05-16 00:00:00

Low: curl security update

2023-05-09 00:00:00

mageia

Updated curl packages fix security vulnerability

2022-12-31 01:39:00

ubuntu

curl vulnerabilities

2023-01-05 00:00:00

curl vulnerabilities

2023-02-27 00:00:00

fedora

[SECURITY] Fedora 37 Update: curl-7.85.0-5.fc37

2022-12-26 01:06:29

[SECURITY] Fedora 36 Update: curl-7.82.0-12.fc36

2022-12-28 01:40:29

cloudfoundry

USN-5788-1: curl vulnerabilities | Cloud Foundry

2023-01-26 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0304

2022-12-21 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0508

2022-12-22 00:00:00

Important Photon OS Security Update - PHSA-2022-0551

2022-12-21 00:00:00

amazon

Medium: curl

2023-01-30 16:02:00

Medium: curl

2023-04-13 19:01:00

debian

[SECURITY] [DSA 5330-1] curl security update

2023-01-27 17:54:20

[SECURITY] [DLA 3288-1] curl security update

2023-01-28 21:20:10

rosalinux

Advisory ROSA-SA-2023-2221

2023-08-22 13:21:47

ics

Siemens SINEC NMS Third-Party

2023-05-11 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

aix

Multiple vulnerabilities cURL libcurl affect AIX

2023-06-29 09:35:59

gentoo

curl: Multiple Vulnerabilities

2023-10-11 00:00:00

mskb

April 11, 2023—KB5025221 (OS Builds 19042.2846, 19044.2846, and 19045.2846)

2023-04-11 07:00:00

April 11, 2023—KB5025239 (OS Build 22621.1555)

2023-04-11 07:00:00

April 11, 2023—KB5025224 (OS Build 22000.1817)

2023-04-11 07:00:00

apple

About the security content of macOS Ventura 13.3

2023-03-27 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

avleonov

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

2022-12-30 18:03:13

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

0.001 Low

EPSS

Percentile

42.6%

JSON

Related for OSV:CVE-2022-43552