CVE-2022-30115
02.06.2022, 14:15
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| haxx | curl | 7.82.0 ≤ 𝑥 < 7.83.1 |
| netapp | hci_bootstrap_os | - |
| netapp | clustered_data_ontap | - |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - |
| netapp | solidfire_\&_hci_management_node | - |
| netapp | h300s_firmware | - |
| netapp | h500s_firmware | - |
| netapp | h700s_firmware | - |
| netapp | h410s_firmware | - |
| splunk | universal_forwarder | 8.2.0 ≤ 𝑥 < 8.2.12 |
| splunk | universal_forwarder | 9.0.0 ≤ 𝑥 < 9.0.6 |
| splunk | universal_forwarder | 9.1.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| curl |
| ||||||||||||||||||
| libcurl-devel |
| ||||||||||||||||||
| libcurl4 |
| ||||||||||||||||||
| libcurl4-32bit |
|
Common Weakness Enumeration
- CWE-325 - Missing Cryptographic StepThe product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
- CWE-319 - Cleartext Transmission of Sensitive InformationThe software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
References