PT-2022-2591 · Curl+10

Harry Sintonen · Published 2022-04-18 · Updated 2026-05-18 · CVE-2022-27774

CVSS v3.1: 5.7 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: curl versions 4.9 through 7.82.0 (inclusive)
Description: The issue lies in how curl handles HTTP(S) redirects when a request carries credentials. When curl is told to follow redirects (--location / CURLOPT_FOLLOWLOCATION) and credentials are supplied via -u/--user, CURLOPT_USERPWD or the URL itself, it decides whether to keep sending them to the redirect target with a "same host check". In the affected versions that check compared only the host name and ignored the protocol scheme and the port number, so a redirect from https://example.com to http://example.com, to https://example.com:8443 or to ftp://example.com still carried the credentials. An attacker who can trigger such a redirect and who runs a service on another port or protocol of the same host (low privileges, PR:L in the vector) can therefore capture the user's credentials and use them to gain unauthorized access to protected information.
Recommendations: Upgrade to curl 7.83.0 or later, where the same-host check also compares the protocol and the port number. Where an upgrade is not immediately possible: do not combine --location with credentials on curl 4.9 through 7.82.0; if redirects are required, restrict the protocols permitted on redirect with --proto-redir =https (CURLOPT_REDIR_PROTOCOLS in libcurl), which blocks the cross-protocol case but not a redirect to a different port of the same host; limit authenticated curl use to the cases that need it; and apply the distribution updates listed under Related Identifiers.
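The flawed check and its correction, as an added illustration that is not curl's source code: a minimal scheme://host[:port]/ splitter (hypothetical helpers parse_origin and default_port, written for this example only) feeds two comparison functions, keeps_creds_vulnerable, which compares only the host name as curl 4.9 through 7.82.0 effectively did, and keeps_creds_fixed, which also requires the scheme and port to match, as curl 7.83.0 does. The URLs are constructed sample input; example.com and evil.example are placeholders.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Added example, not curl's code: a deliberately small URL origin parser. */
typedef struct {
    char scheme[16];
    char host[256];
    int port;           /* explicit port, or the scheme default */
} origin_t;

/* Default port for the schemes this example cares about; -1 if unknown. */
static int default_port(const char *scheme) {
    if (strcasecmp(scheme, "https") == 0) return 443;
    if (strcasecmp(scheme, "http") == 0) return 80;
    if (strcasecmp(scheme, "ftp") == 0) return 21;
    return -1;
}

/* Split scheme://[user:pass@]host[:port][/...] into its origin parts.
 * Returns 0 on success, -1 if the URL has no scheme, host or a bad port. */
static int parse_origin(const char *url, origin_t *o) {
    const char *p = strstr(url, "://");
    if (!p) return -1;
    size_t slen = (size_t)(p - url);
    if (slen == 0 || slen >= sizeof o->scheme) return -1;
    memcpy(o->scheme, url, slen);
    o->scheme[slen] = '\0';
    p += 3;
    /* Skip userinfo (user:pass@) if it precedes the first slash. */
    const char *at = strchr(p, '@');
    const char *slash = strchr(p, '/');
    if (at && (!slash || at < slash)) p = at + 1;
    const char *end = p + strcspn(p, ":/?#");
    size_t hlen = (size_t)(end - p);
    if (hlen == 0 || hlen >= sizeof o->host) return -1;
    memcpy(o->host, p, hlen);
    o->host[hlen] = '\0';
    o->port = default_port(o->scheme);
    if (*end == ':') {
        char *num_end;
        long port = strtol(end + 1, &num_end, 10);
        if (num_end == end + 1 || port < 1 || port > 65535) return -1;
        o->port = (int)port;
    }
    return 0;
}

/* Vulnerable behaviour (curl 4.9 through 7.82.0, simplified): only the host
 * name is compared, so a redirect to another port or protocol of the same
 * host still receives the credentials. Returns 1 if credentials are kept. */
int keeps_creds_vulnerable(const char *orig, const char *redir) {
    origin_t a, b;
    if (parse_origin(orig, &a) || parse_origin(redir, &b)) return 0;
    return strcasecmp(a.host, b.host) == 0;
}

/* Fixed behaviour (curl 7.83.0 and later): scheme, host and port must all
 * match before the credentials are forwarded. Returns 1 if kept. */
int keeps_creds_fixed(const char *orig, const char *redir) {
    origin_t a, b;
    if (parse_origin(orig, &a) || parse_origin(redir, &b)) return 0;
    return strcasecmp(a.scheme, b.scheme) == 0 &&
           strcasecmp(a.host, b.host) == 0 &&
           a.port == b.port;
}

int main(void) {
    /* Constructed sample: the authenticated request went to this URL ... */
    const char *orig = "https://example.com/login";
    /* ... and the server answered with a Location header pointing here. */
    const char *targets[] = {
        "https://example.com/app",        /* same origin */
        "http://example.com/app",         /* protocol downgrade */
        "https://example.com:8443/app",   /* other port, same host */
        "ftp://example.com/pub",          /* cross-protocol */
        "https://evil.example/",          /* other host */
    };
    printf("%-32s %-10s %-5s\n", "redirect target", "vulnerable", "fixed");
    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++) {
        printf("%-32s %-10s %-5s\n", targets[i],
               keeps_creds_vulnerable(orig, targets[i]) ? "sends" : "strips",
               keeps_creds_fixed(orig, targets[i]) ? "sends" : "strips");
    }
    return 0;
}
```

The table printed by main shows the gap that made this a credential leak: only the last row (a different host) is stripped by the vulnerable check, while the fixed check strips everything except the first row. Note that --proto-redir =https would stop rows two and four but not row three, which is why the upgrade, not the flag, is the real fix.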

Exploit

Weakness Enumeration

Insufficiently Protected Credentials

Information Disclosure

Related Identifiers

ALSA-2022:5313
ALT-PU-2022-1827
ALT-PU-2022-1877
ALT-PU-2022-1902
BDU:2022-03041
CESA-2022_5313
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2022-27774
DLA-3288-1
DSA-5197-1
DSA-5330-1
DSA-5365-1
MGASA-2022-0159
OESA-2022-1659
OPENSUSE-SU-2024:12028-1
RHSA-2022:5245
RHSA-2022:5313
RHSA-2022_5245
RHSA-2022_5313
RLSA-2022:5313
SUSE-SU-2023:2225-1
SUSE-SU-2023_2225-1
USN-5397-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Curl