CVE-2022-32221

CRITICAL

curl - Exposure of Sensitive Information via Reused Handle Logic

Title source: llm
STIX 2.1

Description

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.

References (11)

Core 11
Core References
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202212-01
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2023/Jan/20
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2023/Jan/19
Third Party Advisory vendor-advisory
https://www.debian.org/security/2023/dsa-5330
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
Exploit, Issue Tracking, Third Party Advisory
https://hackerone.com/reports/1704017

Scores

CVSS v3 9.8
EPSS 0.0176
EPSS Percentile 82.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-200 CWE-668
Status published
Products (11)
apple/macos < 12.6.3
debian/debian_linux 10.0
debian/debian_linux 11.0
haxx/curl < 7.86.0
netapp/clustered_data_ontap
netapp/h300s_firmware
netapp/h410s_firmware
netapp/h500s_firmware
netapp/h700s_firmware
splunk/universal_forwarder 9.1.0
... and 1 more
Published Dec 05, 2022
Tracked Since Feb 18, 2026