AZL-9877

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-9877.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-9877

Upstream

CVE-2022-27782

Published

2022-06-02T14:15:44Z

Modified

2026-04-01T05:23:46.503032Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

CVE-2022-27782 affecting package curl for versions less than 7.83.1-1

Details

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-27782

Affected packages

Azure Linux:2 / curl

Package

Name: curl
Purl: pkg:rpm/azure-linux/curl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.83.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-9877.json"