CVE-2022-27778

HIGH

cURL - Use of Incorrectly Resolved Name

Title source: llm

Description

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.

References (4)

[Exploit, Third Party Advisory] https://hackerone.com/reports/1553598

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpujul2022.html

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220609-0009/

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220729-0004/

Scores

CVSS v3 8.1

EPSS 0.0091

EPSS Percentile 75.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Details

CWE

CWE-706

Status published

Products (15)

haxx/curl 7.83.0

netapp/active_iq_unified_manager (2 CPE variants)

netapp/bh500s_firmware

netapp/clustered_data_ontap

netapp/h300s_firmware

netapp/h410s_firmware

netapp/h700s_firmware

netapp/hci_compute_node_firmware

netapp/oncommand_insight

netapp/oncommand_workflow_automation

... and 5 more

Published Jun 02, 2022

Tracked Since Feb 18, 2026