CVE-2022-27781
02.06.2022, 14:15
libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
| Vendor | Product | Version |
|---|---|---|
| haxx | curl | 𝑥 < 7.83.1 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| netapp | hci_bootstrap_os | - |
| netapp | clustered_data_ontap | - |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - |
| netapp | solidfire_\&_hci_management_node | - |
| netapp | hci_compute_node | - |
| netapp | h300s_firmware | - |
| netapp | h500s_firmware | - |
| netapp | h700s_firmware | - |
| netapp | h410s_firmware | - |
| splunk | universal_forwarder | 8.2.0 ≤ 𝑥 < 8.2.12 |
| splunk | universal_forwarder | 9.0.0 ≤ 𝑥 < 9.0.6 |
| splunk | universal_forwarder | 9.1.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
- CWE-400 - Uncontrolled Resource ConsumptionThe software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
References