Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-27776

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

Related bugs and status

CVE-2022-27776 (Candidate) is related to these bugs:

Bug #1940528: curl 7.68 does not init OpenSSL correctly

		In	Importance	Status
1940528	curl 7.68 does not init OpenSSL correctly	curl (Ubuntu)	Undecided	Fix Released
1940528	curl 7.68 does not init OpenSSL correctly	curl (Ubuntu Bionic)	Undecided	New
1940528	curl 7.68 does not init OpenSSL correctly	curl (Ubuntu Focal)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://hackerone.com/...
CONFIRM: https://security.netap...
DEBIAN: DSA-5197
MLIST: [debian-lts-announce] ...
FEDORA: FEDORA-2022-f83aec6d57
FEDORA: FEDORA-2022-bca2c95559
GENTOO: GLSA-202212-01