Your submission was sent successfully! Close

CVE-2022-27778

Published: 11 May 2022

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.

Mitigation

Do not use `--no-clobber` with `--remove-on-error`
Priority

Low

CVSS 3 base score: 8.1

Status

Package Release Status
curl
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
impish Not vulnerable
(code not present)
jammy Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)

Notes

AuthorNote
amurray
Only affects the curl command-line client and only version 7.83.0

References