Vulnerability Details : CVE-2022-42915

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.
Publish Date : 2022-10-29 Last Update Date : 2023-01-26

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	0.0
Confidentiality Impact	???
Integrity Impact	???
Availability Impact	???
Access Complexity	???
Authentication	???
Gained Access	None
Vulnerability Type(s)
CWE ID	415

- Products Affected By CVE-2022-42915

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	OS	Fedoraproject	Fedora	35	*	*	*	Version Details Vulnerabilities
2	OS	Fedoraproject	Fedora	36	*	*	*	Version Details Vulnerabilities
3	OS	Fedoraproject	Fedora	37	*	*	*	Version Details Vulnerabilities
4	Application	Haxx	Curl	*	*	*	*	Version Details Vulnerabilities
5	Application	Netapp	Ontap 9	-	*	*	*	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Fedoraproject	Fedora	3
Haxx	Curl	1
Netapp	Ontap 9	1

- References For CVE-2022-42915

https://security.netapp.com/advisory/ntap-20221209-0010/ CONFIRM

https://curl.se/docs/CVE-2022-42915.html

http://seclists.org/fulldisclosure/2023/Jan/20
FULLDISC 20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3

https://support.apple.com/kb/HT213604 CONFIRM

https://support.apple.com/kb/HT213605 CONFIRM

https://security.gentoo.org/glsa/202212-01
GENTOO GLSA-202212-01

http://seclists.org/fulldisclosure/2023/Jan/19
FULLDISC 20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2

https://lists.fedoraproject.org/archives/list/[email protected]/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/
FEDORA FEDORA-2022-01ffde372c

https://lists.fedoraproject.org/archives/list/[email protected]/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/
FEDORA FEDORA-2022-39688a779d

https://lists.fedoraproject.org/archives/list/[email protected]/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/
FEDORA FEDORA-2022-e9d65906c4

- Vulnerability Conditions

Vulnerability is valid if product versions listed below are used 0
Netapp Ontap 9 * * * Fedoraproject Fedora 37 * * * Fedoraproject Fedora 36 * * * Fedoraproject Fedora 35 * * * Haxx Curl * * * *	Netapp H300s * * * Netapp H300s Firmware * * * Netapp H410s * * * Netapp H410s Firmware * * * Netapp H500s * * * Netapp H500s Firmware * * * Netapp H700s * * * Netapp H700s Firmware * * *
Vulnerability is valid if product versions listed below are used 0
Netapp Ontap 9 * * * Fedoraproject Fedora 37 * * * Fedoraproject Fedora 36 * * * Fedoraproject Fedora 35 * * * Haxx Curl * * * *	Netapp H300s * * * Netapp H300s Firmware * * * Netapp H410s * * * Netapp H410s Firmware * * * Netapp H500s * * * Netapp H500s Firmware * * * Netapp H700s * * * Netapp H700s Firmware * * *
Vulnerability is valid if product versions listed below are used 0
Netapp Ontap 9 * * * Fedoraproject Fedora 37 * * * Fedoraproject Fedora 36 * * * Fedoraproject Fedora 35 * * * Haxx Curl * * * *	Netapp H300s * * * Netapp H300s Firmware * * * Netapp H410s * * * Netapp H410s Firmware * * * Netapp H500s * * * Netapp H500s Firmware * * * Netapp H700s * * * Netapp H700s Firmware * * *
Vulnerability is valid if product versions listed below are used 0
Netapp Ontap 9 * * * Fedoraproject Fedora 37 * * * Fedoraproject Fedora 36 * * * Fedoraproject Fedora 35 * * * Haxx Curl * * * *	Netapp H300s * * * Netapp H300s Firmware * * * Netapp H410s * * * Netapp H410s Firmware * * * Netapp H500s * * * Netapp H500s Firmware * * * Netapp H700s * * * Netapp H700s Firmware * * *
Vulnerability is valid if product versions listed below are used 0
Netapp Ontap 9 * * * Fedoraproject Fedora 37 * * * Fedoraproject Fedora 36 * * * Fedoraproject Fedora 35 * * * Haxx Curl * * * *	Netapp H300s * * * Netapp H300s Firmware * * * Netapp H410s * * * Netapp H410s Firmware * * * Netapp H500s * * * Netapp H500s Firmware * * * Netapp H700s * * * Netapp H700s Firmware * * *
Vulnerability is valid if product versions listed below are used 0
Netapp Ontap 9 * * * Fedoraproject Fedora 37 * * * Fedoraproject Fedora 36 * * * Fedoraproject Fedora 35 * * * Haxx Curl * * * *	Netapp H300s * * * Netapp H300s Firmware * * * Netapp H410s * * * Netapp H410s Firmware * * * Netapp H500s * * * Netapp H500s Firmware * * * Netapp H700s * * * Netapp H700s Firmware * * *
Vulnerability is valid if product versions listed below are used 0
Netapp Ontap 9 * * * Fedoraproject Fedora 37 * * * Fedoraproject Fedora 36 * * * Fedoraproject Fedora 35 * * * Haxx Curl * * * *	Netapp H300s * * * Netapp H300s Firmware * * * Netapp H410s * * * Netapp H410s Firmware * * * Netapp H500s * * * Netapp H500s Firmware * * * Netapp H700s * * * Netapp H700s Firmware * * *

- Metasploit Modules Related To CVE-2022-42915

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)