curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. Reference: https://curl.se/docs/CVE-2022-43552.html
Created curl tracking bugs for this issue: Affects: fedora-all [bug 2155435] Created mingw-curl tracking bugs for this issue: Affects: fedora-all [bug 2155436]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2478 https://access.redhat.com/errata/RHSA-2023:2478
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2963 https://access.redhat.com/errata/RHSA-2023:2963
This issue has been addressed in the following products: JBCS httpd 2.4.51.sp2 Via RHSA-2023:3355 https://access.redhat.com/errata/RHSA-2023:3355
This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2023:3354 https://access.redhat.com/errata/RHSA-2023:3354
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-43552
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:7743 https://access.redhat.com/errata/RHSA-2023:7743
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0428 https://access.redhat.com/errata/RHSA-2024:0428