Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-27775

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.

Related bugs and status

CVE-2022-27775 (Candidate) is related to these bugs:

Bug #1940528: curl 7.68 does not init OpenSSL correctly

		In	Importance	Status
1940528	curl 7.68 does not init OpenSSL correctly	curl (Ubuntu)	Undecided	Fix Released
1940528	curl 7.68 does not init OpenSSL correctly	curl (Ubuntu Bionic)	Undecided	New
1940528	curl 7.68 does not init OpenSSL correctly	curl (Ubuntu Focal)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://hackerone.com/...
CONFIRM: https://security.netap...
DEBIAN: DSA-5197
GENTOO: GLSA-202212-01