PT-2022-5557 · Curl +10

Nyymi · Published 2022-06-02 · Updated 2026-05-18 · CVE-2022-32208

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

curl versions prior to 7.84.0

Description

The issue is related to how curl handles message verification failures when doing FTP transfers secured by krb5. This flaw allows a man-in-the-middle attack to go unnoticed and enables the injection of data to the client.

Recommendations

For versions prior to 7.84.0, update to version 7.84.0 to resolve the issue.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2022:6157
ALSA-2022:6159
ALT-PU-2022-2421
ALT-PU-2022-2588
ALT-PU-2022-2874
AZL-10104
BDU:2022-06911
CESA-2022_6159
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2022-32208
DLA-3085-1
DSA-5197-1
MGASA-2022-0250
OESA-2022-1744
OPENSUSE-SU-2022_2305-1
OPENSUSE-SU-2022_2327-1
OPENSUSE-SU-2024:12214-1
RHSA-2022:6157
RHSA-2022:6159
RHSA-2022:8840
RHSA-2022_6157
RHSA-2022_6159
RLSA-2022:6157
RLSA-2022:6159
SUSE-SU-2022:2288-1
SUSE-SU-2022:2305-1
SUSE-SU-2022:2327-1
SUSE-SU-2022:2327-2
SUSE-SU-2022:2356-1
SUSE-SU-2022:2813-1
SUSE-SU-2022:2829-1
SUSE-SU-2022_2356-1
USN-5495-1
USN-5495-2
USN-5499-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Apple macOS
Red Hat
Rocky Linux
SUSE
Ubuntu
Curl