QwikSec

Security Database

CVE

CWE

Training

CVE-2022-43552

Published: Feb 9, 2023

Modified: Oct 27, 2024

PUBLISHED

Description

A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.

Vendor	Product	Versions
n/a	https://github.com/curl/curl	affected `Fixed in curl 7.87.0`

Weaknesses (CWE)

References

https://hackerone.com/reports/1764858

https://security.netapp.com/advisory/ntap-20230214-0002/

https://support.apple.com/kb/HT213670

20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3

mailing-list

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2022-43552 - Security Vulnerability | QwikSec