Bug 2152652 (CVE-2022-43552)
Summary: | CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | andrew.slice, bodavis, csutherl, dbhole, jclere, jwon, kanderso, kdudka, kyoshida, lvaleeva, mdogra, mturk, ngalvin, omajid, peholase, pjindal, plodge, rwagner, security-response-team, szappis |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | Flags: | mrehak:
needinfo?
(mdogra) |
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | curl 7.87.0 | Doc Type: | If docs needed, set a value |
Doc Text: |
A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2023-06-05 18:17:18 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2152789, 2152790, 2155435, 2155436, 2158513 | ||
Bug Blocks: | 2152645 |
Description
Marian Rehak
2022-12-12 15:48:58 UTC
Created curl tracking bugs for this issue: Affects: fedora-all [bug 2155435] Created mingw-curl tracking bugs for this issue: Affects: fedora-all [bug 2155436] This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2478 https://access.redhat.com/errata/RHSA-2023:2478 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2963 https://access.redhat.com/errata/RHSA-2023:2963 This issue has been addressed in the following products: JBCS httpd 2.4.51.sp2 Via RHSA-2023:3355 https://access.redhat.com/errata/RHSA-2023:3355 This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2023:3354 https://access.redhat.com/errata/RHSA-2023:3354 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-43552 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:7743 https://access.redhat.com/errata/RHSA-2023:7743 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0428 https://access.redhat.com/errata/RHSA-2024:0428 |