
CVE-2022-27775

Published: 27 April 2022

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was already in the connection pool but with a different zone id, curl could reuse the existing connection instead of opening a new one.

Notes

Author: Note
mdeslaur: per upstream, curl 7.65.0 to and including 7.82.0
leosilva: bionic is 7.58.0 and xenial 7.47.0, so not affected.
          trusty/esm is 7.35.0, so not affected.
Priority

Low

CVSS 3 base score: 7.5

Status

Package: curl (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Not vulnerable
focal      Released (7.68.0-1ubuntu2.10)
impish     Released (7.74.0-1.3ubuntu2.1)
jammy      Released (7.81.0-1ubuntu1.1)
trusty     Not vulnerable
upstream   Released (7.83.0)
xenial     Not vulnerable