AZL-10103

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-10103.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-10103

Upstream

CVE-2022-32207

Published

2022-07-07T13:15:08Z

Modified

2026-04-01T05:04:23.992194Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2022-32207 affecting package curl for versions less than 7.84.0-1

Details

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-32207

Affected packages

Azure Linux:2 / curl

Package

Name: curl
Purl: pkg:rpm/azure-linux/curl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.84.0-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-10103.json"