Back to bug 2135411
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Marian Rehak | 2022-10-17 15:03:41 UTC | CC | security-response-team | |
| Marian Rehak | 2022-10-17 15:06:41 UTC | Blocks | 2135407 | |
| Marian Rehak | 2022-10-17 15:07:15 UTC | CC | jburrell | |
| Sandipan Roy | 2022-10-18 08:00:42 UTC | Depends On | 2135687, 2135686 | |
| Sandipan Roy | 2022-10-26 07:10:56 UTC | CC | dffrench, gzaronik, ngough, rgodfrey | |
| Doc Text | A vulnerability found in curl. This security flaw occurs when doing HTTP(S) transfers, curl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. | |||
| Sandipan Roy | 2022-10-26 07:22:20 UTC | Deadline | 2022-10-26 | |
| Group | security, qe_staff | |||
| Summary | EMBARGOED CVE-2022-32221 curl: POST following PUT confusion | CVE-2022-32221 curl: POST following PUT confusion | ||
| Sandipan Roy | 2022-10-26 07:42:58 UTC | Depends On | 2137781, 2137780 | |
| RaTasha Tillery-Smith | 2022-10-26 12:29:07 UTC | Doc Text | A vulnerability found in curl. This security flaw occurs when doing HTTP(S) transfers, curl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. | A vulnerability was found in curl. The issue occurs when doing HTTP(S) transfers, where curl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set if it previously used the same handle to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. |
| Red Hat Bugzilla | 2022-10-28 13:12:51 UTC | CC | krathod | |
| errata-xmlrpc | 2022-12-08 13:07:20 UTC | Link ID | Red Hat Product Errata RHSA-2022:8840 | |
| errata-xmlrpc | 2022-12-08 13:22:28 UTC | Link ID | Red Hat Product Errata RHSA-2022:8841 | |
| Anten Skrabec | 2022-12-13 22:03:20 UTC | Fixed In Version | curl 7.86.0 | curl 7.86.0, libcurl 7.86.0 |
| Anten Skrabec | 2022-12-13 22:06:11 UTC | Depends On | 2153065, 2153064 | |
| errata-xmlrpc | 2023-01-23 15:21:09 UTC | Link ID | Red Hat Product Errata RHSA-2023:0333 | |
| Product Security DevOps Team | 2023-05-09 15:16:52 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2023-05-09 15:16:52 UTC | |||
| Zack Miele | 2023-06-13 20:07:13 UTC | Depends On | 2214845 | |
| errata-xmlrpc | 2023-07-18 08:28:54 UTC | Link ID | Red Hat Product Errata RHSA-2023:4139 | |
| Jan Pazdziora | 2023-07-25 14:32:16 UTC | CC | jpazdziora, pmatouse | |
| Flags | needinfo?(pmatouse) | |||
| Gabriel Gaspar Becker | 2023-08-01 12:53:19 UTC | CC | ggasparb | |
| Petr Matousek | 2023-08-10 11:43:45 UTC | CC | saroy | |
| Flags | needinfo?(pmatouse) | needinfo?(saroy) | ||
| Petr Matousek | 2023-08-10 11:44:32 UTC | Comment | 15 | updated |
| Petr Matousek | 2023-08-10 11:45:47 UTC | Comment | 15 | updated |
| Petr Matousek | 2023-08-10 11:46:35 UTC | Comment | 15 | updated |
| Petr Matousek | 2023-08-10 11:49:11 UTC | Comment | 15 | updated |
| Sandipan Roy | 2023-08-10 12:54:47 UTC | Flags | needinfo?(saroy) |
Back to bug 2135411