PT-2022-7575 · Curl+11

Bagders · Published 2022-11-07 · Updated 2026-05-18 · CVE-2022-43552

CVSS v3.1: 5.9 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

curl versions prior to 7.87.0

Description

A use after free vulnerability exists in curl. The issue arises when curl is asked to tunnel virtually all protocols it supports through an HTTP proxy, and the proxy denies such tunnel operations for specific protocols like SMB or TELNET. In the transfer shutdown code path, curl would use a heap-allocated struct after it had been freed. This can be exploited by a remote attacker to cause a denial of service.

Recommendations

For versions prior to 7.87.0, update to version 7.87.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of HTTP proxies that deny tunnel operations for SMB or TELNET protocols to minimize the risk of exploitation. Avoid using curl to tunnel these protocols through an HTTP proxy until the issue is resolved.
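
A version check that follows from the recommendation above, as an added example rather than code from the advisory or the curl project: it parses `curl --version` output, compares it against 7.87.0, and reports whether SMB or TELNET support is compiled in. The function names and the sample outputs are constructed for illustration, and counting `smbs` together with `smb` is an assumption.

```shell
#!/bin/sh
# Added example: classify `curl --version` text against CVE-2022-43552.
# The fixed release, 7.87.0, is taken from the advisory above.
FIXED_MAJOR=7 FIXED_MINOR=87 FIXED_PATCH=0

# Constructed sample inputs (not captured from a real host).
SAMPLE_OLD='curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/3.0.2
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS HTTPS-proxy IPv6 Largefile SSL'
SAMPLE_FIXED='curl 7.87.0 (x86_64-pc-linux-gnu) libcurl/7.87.0 OpenSSL/3.0.7
Protocols: dict file ftp ftps http https smb smbs telnet tftp'

# Print "MAJOR MINOR PATCH" parsed from the first line, or nothing.
curl_version_of() {
    printf '%s\n' "$1" |
        sed -n '1s/^curl \([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p'
}

# Succeed when MAJOR MINOR PATCH is lower than the fixed release.
is_older_than_fix() {
    [ "$1" -lt "$FIXED_MAJOR" ] && return 0
    [ "$1" -gt "$FIXED_MAJOR" ] && return 1
    [ "$2" -lt "$FIXED_MINOR" ] && return 0
    [ "$2" -gt "$FIXED_MINOR" ] && return 1
    [ "$3" -lt "$FIXED_PATCH" ]
}

# Print which of the protocols the advisory names are compiled in
# (smbs is counted with smb; that grouping is an assumption).
named_protocols() {
    found=""
    for p in $(printf '%s\n' "$1" | sed -n 's/^Protocols: //p'); do
        case "$p" in
            smb|smbs|telnet) found="${found:+$found }$p" ;;
        esac
    done
    printf '%s' "$found"
}

# Print: unknown | fixed | affected-by-version[: protocols]
classify_curl() {
    text=$1
    ver=$(curl_version_of "$text")
    [ -n "$ver" ] || { echo "unknown"; return 0; }
    set -- $ver
    if ! is_older_than_fix "$1" "$2" "$3"; then echo "fixed"; return 0; fi
    protos=$(named_protocols "$text")
    echo "affected-by-version${protos:+: $protos}"
}

# Classify the local binary when one is installed.
if command -v curl >/dev/null 2>&1; then classify_curl "$(curl --version)"; fi
```

Distribution packages covered by the vendor advisories under Related Identifiers may carry the fix under an older version string, so treat `affected-by-version` as a prompt to check the package changelog.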

Exploit

Fix

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2023:2478
ALSA-2023:2963
ALT-PU-2022-3379
ALT-PU-2022-3439
ALT-PU-2023-5727
AZL-13280
AZL-13284
AZL-13287
AZL-13289
AZL-34604
AZL-37981
BDU:2024-07332
CESA-2023_2963
CESA-2023_7743
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2022-43552
DLA-3288-1
DSA-5330-1
MGASA-2022-0483
OESA-2023-1005
OESA-2023-1006
OESA-2023-1007
OPENSUSE-SU-2022_4597-1
OPENSUSE-SU-2022_4633-1
OPENSUSE-SU-2024:12583-1
RHSA-2023:2478
RHSA-2023:2963
RHSA-2023:3354
RHSA-2023:7743
RHSA-2023_2478
RHSA-2023_2963
RHSA-2023_7743
RHSA-2024:0428
SUSE-SU-2022:4597-1
SUSE-SU-2022:4598-1
SUSE-SU-2022:4633-1
SUSE-SU-2022_4598-1
SUSE-SU-2023:2226-1
SUSE-SU-2023:2228-1
SUSE-SU-2023_2226-1
SUSE-SU-2023_2228-1
USN-5788-1
USN-5894-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
IBM AIX
Linux Mint
Apple macOS
Red Hat
RED OS
SUSE
Ubuntu
Curl