PT-2022-2587 · Curl +10
Monnerat +1 · Published 2022-03-18 · Updated 2026-05-27 · CVE-2022-22576
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: curl versions 7.33.0 through 7.82.0
Description: An improper authentication issue exists, potentially allowing the reuse of OAUTH2-authenticated connections without ensuring the connection was authenticated with the same credentials as set for the transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S), and LDAP(S) (openldap only). The issue is related to how libcurl maintains a pool of live connections after a transfer has completed: if a pooled connection is reused for a transfer that set different credentials, the transfer proceeds under the credentials the connection was originally authenticated with, which amounts to an authentication bypass.
Recommendations: For curl versions 7.33.0 through 7.82.0, consider disabling the reuse of OAUTH2-authenticated connections as a temporary workaround until a patch is available. Restrict access to SASL-enabled protocols to minimize the risk of exploitation. Avoid reusing connections authenticated with OAUTH2 bearers for different users or credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Missing Authentication; Improper Authentication

Related Identifiers

ALSA-2022:5313
ALT-PU-2022-1827
ALT-PU-2022-1877
ALT-PU-2022-1902
BDU:2022-03036
CESA-2022_5313
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2022-22576
DLA-3085-1
DSA-5197-1
MGASA-2022-0159
OESA-2022-1659
OPENSUSE-SU-2022_1657-1
OPENSUSE-SU-2024:12028-1
RHSA-2022:5245
RHSA-2022:5313
RHSA-2022_5245
RHSA-2022_5313
RLSA-2022:5313
SUSE-SU-2022:1657-1
SUSE-SU-2022:1680-1
SUSE-SU-2022_1657-1
SUSE-SU-2022_1680-1
USN-5397-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
curl