Vulnerability Details CVE-2022-27775
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://hackerone.com/reports/1546268
- https://security.gentoo.org/glsa/202212-01
- https://security.netapp.com/advisory/ntap-20220609-0008/
- https://www.debian.org/security/2022/dsa-5197
- https://hackerone.com/reports/1546268
- https://security.gentoo.org/glsa/202212-01
- https://security.netapp.com/advisory/ntap-20220609-0008/
- https://www.debian.org/security/2022/dsa-5197
Products affected by CVE-2022-27775
-
cpe:2.3:a:haxx:curl:7.65.0
-
cpe:2.3:a:haxx:curl:7.65.1
-
cpe:2.3:a:haxx:curl:7.65.2
-
cpe:2.3:a:haxx:curl:7.65.3
-
cpe:2.3:a:haxx:curl:7.66.0
-
cpe:2.3:a:haxx:curl:7.67.0
-
cpe:2.3:a:haxx:curl:7.68.0
-
cpe:2.3:a:haxx:curl:7.69.0
-
cpe:2.3:a:haxx:curl:7.69.1
-
cpe:2.3:a:haxx:curl:7.70.0
-
cpe:2.3:a:haxx:curl:7.71.0
-
cpe:2.3:a:haxx:curl:7.71.1
-
cpe:2.3:a:haxx:curl:7.72.0
-
cpe:2.3:a:haxx:curl:7.73.0
-
cpe:2.3:a:haxx:curl:7.74.0
-
cpe:2.3:a:haxx:curl:7.75.0
-
cpe:2.3:a:haxx:curl:7.76.0
-
cpe:2.3:a:haxx:curl:7.76.1
-
cpe:2.3:a:haxx:curl:7.77.0
-
cpe:2.3:a:haxx:curl:7.78.0
-
cpe:2.3:a:haxx:curl:7.79.0
-
cpe:2.3:a:haxx:curl:7.79.1
-
cpe:2.3:a:haxx:curl:7.80.0
-
cpe:2.3:a:haxx:curl:7.81.0
-
cpe:2.3:a:haxx:curl:7.82.0
-
cpe:2.3:a:netapp:clustered_data_ontap:-
-
cpe:2.3:a:netapp:solidfire_&_hci_management_node:-
-
cpe:2.3:a:netapp:solidfire_&_hci_storage_node:-
-
cpe:2.3:a:splunk:universal_forwarder:8.2.0
-
cpe:2.3:a:splunk:universal_forwarder:8.2.10
-
cpe:2.3:a:splunk:universal_forwarder:8.2.11
-
cpe:2.3:a:splunk:universal_forwarder:8.2.6
-
cpe:2.3:a:splunk:universal_forwarder:8.2.7
-
cpe:2.3:a:splunk:universal_forwarder:8.2.8
-
cpe:2.3:a:splunk:universal_forwarder:8.2.9
-
cpe:2.3:a:splunk:universal_forwarder:9.0.0
-
cpe:2.3:a:splunk:universal_forwarder:9.0.1
-
cpe:2.3:a:splunk:universal_forwarder:9.0.2
-
cpe:2.3:a:splunk:universal_forwarder:9.0.3
-
cpe:2.3:a:splunk:universal_forwarder:9.0.4
-
cpe:2.3:a:splunk:universal_forwarder:9.0.5
-
cpe:2.3:a:splunk:universal_forwarder:9.1.0
-
cpe:2.3:h:netapp:h300s:-
-
cpe:2.3:h:netapp:h410s:-
-
cpe:2.3:h:netapp:h500s:-
-
cpe:2.3:h:netapp:h700s:-
-
cpe:2.3:h:netapp:hci_compute_node:-
-
cpe:2.3:o:brocade:fabric_operating_system:-
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:netapp:h300s_firmware:-
-
cpe:2.3:o:netapp:h410s_firmware:-
-
cpe:2.3:o:netapp:h500s_firmware:-
-
cpe:2.3:o:netapp:h700s_firmware:-
-
cpe:2.3:o:netapp:hci_bootstrap_os:-