CVE-2022-27778
Published: 11 May 2022
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
Notes
| Author | Note |
|---|---|
| amurray | Only affects the curl command-line client and only version 7.83.0 |
Mitigation
Do not use `--no-clobber` with `--remove-on-error`
Priority
Low
CVSS 3 base score: 8.1
Status
| Package | Release | Status |
|---|---|---|
|
curl Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Not vulnerable
(code not present)
|
|
| impish |
Not vulnerable
(code not present)
|
|
| jammy |
Not vulnerable
(code not present)
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|