CVE-2022-27778
Published: 11 May 2022
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
Mitigation
Do not use `--no-clobber` with `--remove-on-error`
Priority
CVSS 3 base score: 8.1
Status
Package | Release | Status |
---|---|---|
curl Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
focal |
Not vulnerable
(code not present)
|
|
impish |
Not vulnerable
(code not present)
|
|
jammy |
Not vulnerable
(code not present)
|
|
trusty |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code not present)
|
Notes
Author | Note |
---|---|
amurray | Only affects the curl command-line client and only version 7.83.0 |