PT-2022-2695 · Libcurl+11

Nyymi · Published 2022-05-01 · Updated 2026-05-18 · CVE-2022-27782

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: libcurl (affected versions not specified)

Description: The issue is in how libcurl reuses previously used connections from its connection pool for subsequent transfers. A change to a TLS or SSH-related option should prohibit the reuse of a previously created connection. However, several TLS and SSH settings were left out of the configuration match checks, so connections matched too easily. This could allow a remote attacker to gain unauthorized access to protected information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Certificate Validation

Improper Authentication

Related Identifiers

ALSA-2022:5313
ALT-PU-2022-1837
ALT-PU-2022-1877
ALT-PU-2022-1902
AZL-9877
BDU:2022-03185
CESA-2022_5313
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2022-27782
DLA-3085-1
DLA-3288-1
DSA-5197-1
MGASA-2022-0185
OESA-2022-1675
OPENSUSE-SU-2022_1870-1
OPENSUSE-SU-2024:12062-1
RHSA-2022:5245
RHSA-2022:5313
RHSA-2022_5245
RHSA-2022_5313
RLSA-2022:5313
SUSE-SU-2022:1733-1
SUSE-SU-2022:1805-1
SUSE-SU-2022:1870-1
SUSE-SU-2022:2813-1
SUSE-SU-2022:2829-1
USN-5412-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
IBM AIX
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libcurl