CVE-2022-32208

Published: 27 June 2022

When curl < 7.84.0 performs FTP transfers secured by krb5, it mishandles message verification failures. This flaw allows a man-in-the-middle attack to go unnoticed and even lets the attacker inject data into the client.

Notes

| Author | Note |
|---|---|
| mdeslaur | introduced in 7.16.4 |

Priority

Medium

CVSS 3 base score: 5.9

Status

| Package | Release | Status |
|---|---|---|
| curl (Launchpad, Ubuntu, Debian) | bionic | Released (7.58.0-2ubuntu3.19) |
| | focal | Released (7.68.0-1ubuntu2.12) |
| | impish | Released (7.74.0-1.3ubuntu2.3) |
| | jammy | Released (7.81.0-1ubuntu1.3) |
| | trusty | Released (7.35.0-1ubuntu2.20+esm11) |
| | upstream | Released (7.84.0) |
| | xenial | Released (7.47.0-1ubuntu2.19+esm4) |