PT-2022-2687 · Curl+4 · Curl+3

Published 2022-04-28 · Updated 2026-05-18 · CVE-2022-27778

CVSS v3.1: 8.1 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions

curl versions prior to 7.83.1
MySQL Server versions 5.7.38 and earlier, 8.0.29 and earlier

Description

A use of incorrectly resolved name issue might remove the wrong file when --no-clobber is used together with --remove-on-error. This could allow a remote attacker to delete arbitrary files.

The --remove-on-error option tells curl to remove the output file when it returns an error, and not leave a partial file behind. The --no-clobber option prevents curl from overwriting a file if it already exists, and instead appends a number to the name to create a new unused filename. If curl adds a number to not "clobber" the output and an error occurs during transfer, the remove on error logic would remove the original filename without the added number.

Recommendations

For curl versions prior to 7.83.1, update to version 7.83.1 or later to resolve the issue.

For MySQL Server versions 5.7.38 and earlier, 8.0.29 and earlier, update to a version later than 5.7.38 and 8.0.29 respectively to resolve the issue.

As a temporary workaround, consider avoiding the use of --no-clobber and --remove-on-error options together until a patch is available. Restrict access to the curl utility to minimize the risk of exploitation.
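The name mix-up from the description, as an added example: this is a simplified model written for this page, not curl's source code. The function names, the scratch directory under /tmp, the file name report.txt and the ".N" suffix format are assumptions of the model.

```c
/* Simplified model of the logic described above; not curl's source code. */
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

static int exists(const char *p) { return access(p, F_OK) == 0; }

static int write_file(const char *p, const char *data) {
    FILE *f = fopen(p, "w");
    if (!f) return -1;
    fputs(data, f);
    return fclose(f);
}

/* --no-clobber: if `want` exists, try want.1, want.2, ... (suffix format assumed). */
static void pick_unused(const char *want, char *out, size_t n) {
    snprintf(out, n, "%s", want);
    for (int i = 1; exists(out) && i <= 100; i++)
        snprintf(out, n, "%s.%d", want, i);
}

/* Simulates one failed transfer with both options set, in a private scratch dir.
 * fixed=0: cleanup removes the requested name (the flaw).
 * fixed=1: cleanup removes the name that was actually opened.
 * Returns 1 if the pre-existing file survived, 0 if deleted, -1 on setup error. */
int preexisting_survives(int fixed) {
    char dir[64], want[128], actual[160];
    snprintf(dir, sizeof dir, "/tmp/noclobber-model-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0) return -1;       /* fails if the path already exists */
    snprintf(want, sizeof want, "%s/report.txt", dir);
    if (write_file(want, "existing data\n") != 0) { rmdir(dir); return -1; }

    pick_unused(want, actual, sizeof actual);    /* -> report.txt.1 */
    write_file(actual, "partial download");      /* transfer starts, then errors */
    remove(fixed ? actual : want);               /* --remove-on-error cleanup */

    int survived = exists(want);
    remove(want); remove(actual); rmdir(dir);    /* tidy scratch files */
    return survived;
}

int main(void) {
    printf("flawed cleanup: original survives = %d\n", preexisting_survives(0));
    printf("fixed cleanup:  original survives = %d\n", preexisting_survives(1));
    return 0;
}
```

In the flawed path the pre-existing file is deleted and the partial download is left behind; tracking the name that was actually opened reverses both outcomes.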

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2022-1837
ALT-PU-2022-1877
ALT-PU-2022-1902
ALT-PU-2022-2552
ALT-PU-2022-3102
ALT-PU-2023-1912
AZL-9876
BDU:2022-03177
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2022-27778
OPENSUSE-SU-2024:12062-1

Affected Products

Alt Linux
MySQL Server
Red Os
Curl