
CVE-2022-32221

Status Candidate

Overview

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.

Related Files

Red Hat Security Advisory 2023-4139-01
Posted Jul 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4139-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service, protocol
systems | linux, redhat
advisories | CVE-2022-32221, CVE-2023-23916
SHA-256 | 1432c33ed85389054b48cd567685a7c375dcd6c1be4920a220778c3cc6e6d62c

Debian Security Advisory 5330-1
Posted Jan 30, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5330-1 - Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2022-32221, CVE-2022-43552
SHA-256 | c6fc6848e50216229db276b6a61ea17d23706f3f9aadd8dd9c2779ef72f1c34e

Ubuntu Security Notice USN-5823-1
Posted Jan 25, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5823-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2022-32221, CVE-2023-21867, CVE-2023-21871, CVE-2023-21877, CVE-2023-21881
SHA-256 | b0f3b18c5632a48be6c234086a99abb8c553415fb83f3c6b9cb3966adfb715eb

Apple Security Advisory 2023-01-23-5
Posted Jan 24, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-01-23-5 - macOS Monterey 12.6.3 addresses buffer overflow, bypass, code execution, and information leakage vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2022-32221, CVE-2022-32915, CVE-2022-35252, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2023-23493, CVE-2023-23497, CVE-2023-23499, CVE-2023-23502, CVE-2023-23504, CVE-2023-23505, CVE-2023-23507, CVE-2023-23508
SHA-256 | 86dd9b786a0318174acd539801f6e3fe6a86591529277185d71eb7e9e3237c4d

Apple Security Advisory 2023-01-23-4
Posted Jan 24, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2022-32221, CVE-2022-35260, CVE-2022-3705, CVE-2022-42915, CVE-2022-42916, CVE-2023-23493, CVE-2023-23496, CVE-2023-23497, CVE-2023-23498, CVE-2023-23499, CVE-2023-23500, CVE-2023-23501, CVE-2023-23502, CVE-2023-23503
SHA-256 | 0cd5bf89e176e4c213da4d53018a83b92e2203a6e71bf12d7a356eea1213909b

Red Hat Security Advisory 2023-0333-01
Posted Jan 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0333-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2022-32221
SHA-256 | bd289a2fa2e1a33cbfb8e8eba477c0aa660f2e89cda2d1d059db45b1930f32cf

Red Hat Security Advisory 2022-8840-01
Posted Dec 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8840-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer overflow, bypass, code execution, denial of service, double free, and out of bounds read vulnerabilities.

tags | advisory, web, denial of service, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-1292, CVE-2022-2068, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-30522, CVE-2022-31813, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221
SHA-256 | 5b7994ef1ac893da1796d6f141c46df2497e2f625c087c27f1b69c902e826051

Red Hat Security Advisory 2022-8841-01
Posted Dec 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8841-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer over-read, buffer overflow, bypass, code execution, denial of service, double free, integer overflow, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, web, denial of service, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-1292, CVE-2022-2068, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-30522, CVE-2022-31813, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221
SHA-256 | 222fd306b69d048e15681a3ca9c45ddbb178b2c60ccd178af9bd088b1604a60b

Ubuntu Security Notice USN-5702-2
Posted Oct 27, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5702-2 - USN-5702-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2022-32221
SHA-256 | a9ef99809fa6f3d4b4210466b534a091650ab38e6eb5b490d41b11d2d8763c83

Ubuntu Security Notice USN-5702-1
Posted Oct 27, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5702-1 - Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916
SHA-256 | abce9130e44a5745556c40692b098b2f27521fb7fe9f2336f2ae1e79874e5e67

© 2022 Packet Storm. All rights reserved.
