CVE-2022-27778

HIGH

cURL - Use of Incorrectly Resolved Name

Title source: llm

Description

A use-of-incorrectly-resolved-name vulnerability in curl, fixed in 7.83.1, might cause the wrong file to be removed when `--no-clobber` is used together with `--remove-on-error`.

References (4)

Core References
https://hackerone.com/reports/1553598 (Exploit, Third Party Advisory; x_refsource_misc)
https://www.oracle.com/security-alerts/cpujul2022.html (Patch, Third Party Advisory; x_refsource_misc)
https://security.netapp.com/advisory/ntap-20220609-0009/ (Third Party Advisory; x_refsource_confirm)
https://security.netapp.com/advisory/ntap-20220729-0004/ (Third Party Advisory; x_refsource_confirm)

Scores

CVSS v3 8.1
EPSS 0.0345
EPSS Percentile 87.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Details

CWE
CWE-706
Status published
Products (15)
haxx/curl 7.83.0
netapp/active_iq_unified_manager (2 CPE variants)
netapp/bh500s_firmware
netapp/clustered_data_ontap
netapp/h300s_firmware
netapp/h410s_firmware
netapp/h700s_firmware
netapp/hci_compute_node_firmware
netapp/oncommand_insight
netapp/oncommand_workflow_automation
... and 5 more
Published Jun 02, 2022
Tracked Since Feb 18, 2026