Your submission was sent successfully! Close

CVE-2022-22576

Published: 27 April 2022

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).

Priority

Medium

CVSS 3 base score: 8.1

Status

Package Release Status
curl
Launchpad, Ubuntu, Debian
bionic
Released (7.58.0-2ubuntu3.17)
focal
Released (7.68.0-1ubuntu2.10)
impish
Released (7.74.0-1.3ubuntu2.1)
jammy
Released (7.81.0-1ubuntu1.1)
trusty Ignored
(not-in-code)
upstream
Released (7.83.0)
xenial Ignored
(not-in-code)