CVE-2022-42915

HIGH

curl 7.77.0-7.85.0 - Double Free via HTTP Proxy CONNECT Error Handling

Title source: llm
STIX 2.1

Description

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.

References (10)

Core 10
Core References
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202212-01
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2023/Jan/20
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2023/Jan/19

Scores

CVSS v3 8.1
EPSS 0.0047
EPSS Percentile 64.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-415
Status published
Products (12)
apple/macos 12.0.0 - 12.6.3
fedoraproject/fedora 35
fedoraproject/fedora 36
fedoraproject/fedora 37
haxx/curl 7.77.0 - 7.86.0
netapp/h300s_firmware
netapp/h410s_firmware
netapp/h500s_firmware
netapp/h700s_firmware
netapp/ontap_9
... and 2 more
Published Oct 29, 2022
Tracked Since Feb 18, 2026