CVE-2022-27775 : An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address tha

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.

Published 2022-06-02 14:15:44

Updated 2024-03-27 15:02:27

Source HackerOne

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2022-27775

Probability of exploitation activity in the next 30 days: 0.20%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 58 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-27775

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2022-27775

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: support@hackerone.com (Secondary)

References for CVE-2022-27775

https://security.gentoo.org/glsa/202212-01

curl: Multiple Vulnerabilities (GLSA 202212-01) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20220609-0008/

May 2022 Libcurl Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://hackerone.com/reports/1546268

#1546268 CVE-2022-27775: Bad local IPv6 connection reuse
Exploit;Third Party Advisory
https://www.debian.org/security/2022/dsa-5197

Debian -- Security Information -- DSA-5197-1 curl
Third Party Advisory

CVEs referencing this url

Products affected by CVE-2022-27775

Debian » Debian Linux » Version: 11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Matching versions
Brocade » Fabric Operating System » Version: N/A
cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:*
Matching versions
Netapp » Clustered Data Ontap » Version: N/A
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Matching versions
Netapp » Solidfire & Hci Management Node » Version: N/A
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » H300s Firmware » Version: N/A
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H300s » Version: N/A
Netapp » H500s Firmware » Version: N/A
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H500s » Version: N/A
Netapp » H700s Firmware » Version: N/A
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H700s » Version: N/A
Netapp » H410s Firmware » Version: N/A
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H410s » Version: N/A
Netapp » Solidfire & Hci Storage Node » Version: N/A
cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Hci Bootstrap Os » Version: N/A
cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Hci Compute Node » Version: N/A
Splunk » Universal Forwarder
Versions from including (>=) 8.2.0 and before (<) 8.2.12
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
Matching versions
Splunk » Universal Forwarder
Versions from including (>=) 9.0.0 and before (<) 9.0.6
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
Matching versions
Splunk » Universal Forwarder » Version: 9.1.0
cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
Matching versions
Haxx » Curl
Versions from including (>=) 7.65.0 and up to, including, (<=) 7.82.0
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2022-27775

Exploit prediction scoring system (EPSS) score for CVE-2022-27775

CVSS scores for CVE-2022-27775

CWE ids for CVE-2022-27775

References for CVE-2022-27775

Products affected by CVE-2022-27775