CVE-2022-32221
Last modified
CVE-2022-32221 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. EPSS estimates a 4.32% chance of exploitation in the next 30 days.
Description
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Haxx | Curl | < 7.86.0 |
| Netapp | Clustered Data Ontap | All versions |
| Netapp | H300s Firmware | All versions |
| Netapp | H500s Firmware | All versions |
| Netapp | H700s Firmware | All versions |
| Netapp | H410s Firmware | All versions |
| Debian | Debian Linux | 10.0 |
| Debian | Debian Linux | 11.0 |
| Apple | Macos | < 12.6.3 |
| Splunk | Universal Forwarder | >= 8.2.0, < 8.2.12 |
| Splunk | Universal Forwarder | >= 9.0.0, < 9.0.6 |
| Splunk | Universal Forwarder | 9.1.0 |
References
- http://seclists.org/fulldisclosure/2023/Jan/19Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2023/Jan/20Mailing List, Third Party Advisory
- https://hackerone.com/reports/1704017Exploit, Issue Tracking, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/01/msg00028.htmlMailing List, Third Party Advisory
- https://security.gentoo.org/glsa/202212-01Third Party Advisory
- https://security.netapp.com/advisory/ntap-20230110-0006/Third Party Advisory
- https://security.netapp.com/advisory/ntap-20230208-0002/Third Party Advisory
- https://support.apple.com/kb/HT213604Third Party Advisory
- https://support.apple.com/kb/HT213605Third Party Advisory
- https://www.debian.org/security/2023/dsa-5330Third Party Advisory
- http://seclists.org/fulldisclosure/2023/Jan/19Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2023/Jan/20Mailing List, Third Party Advisory
- https://hackerone.com/reports/1704017Exploit, Issue Tracking, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/01/msg00028.htmlMailing List, Third Party Advisory
- https://security.gentoo.org/glsa/202212-01Third Party Advisory
- https://security.netapp.com/advisory/ntap-20230110-0006/Third Party Advisory
- https://security.netapp.com/advisory/ntap-20230208-0002/Third Party Advisory
- https://support.apple.com/kb/HT213604Third Party Advisory
- https://support.apple.com/kb/HT213605Third Party Advisory
- https://www.debian.org/security/2023/dsa-5330Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-32221?
How severe is CVE-2022-32221?
How do I fix CVE-2022-32221?
Are you affected by CVE-2022-32221?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST