libcurl provides the CURLOPT_CERTINFO
option to allow applications to
request details to be returned about a TLS server's certificate chain.
Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
{ "CWE": { "id": "CWE-835", "desc": "Loop with Unreachable Exit Condition ('Infinite Loop')" }, "URL": "https://curl.se/docs/CVE-2022-27781.json", "www": "https://curl.se/docs/CVE-2022-27781.html", "package": "curl", "issue": "https://hackerone.com/reports/1555441", "last_affected": "7.83.0", "affects": "lib", "severity": "Low" }
{ "vanir_signatures": [ { "deprecated": false, "target": { "function": "display_conn_info", "file": "lib/vtls/nss.c" }, "source": "https://github.com/curl/curl.git/commit/5c7da89d404bf59c8dd82a001119a16d18365917", "digest": { "function_hash": "119952315264947547505408304301898934427", "length": 1265.0 }, "id": "CURL-CVE-2022-27781-18eb782e", "signature_type": "Function", "signature_version": "v1" }, { "deprecated": false, "target": { "file": "lib/vtls/nss.c" }, "source": "https://github.com/curl/curl.git/commit/5c7da89d404bf59c8dd82a001119a16d18365917", "digest": { "line_hashes": [ "236797745310488444108348493315805500132", "222406199052514222794486417960583007861", "39267736724132391586582497542171928336", "56947198554545870756526324233928044401", "126755884391517798093707259725204477399", "138007774983089227384082586770325334603", "269459019928710695163306352805301572008" ], "threshold": 0.9 }, "id": "CURL-CVE-2022-27781-746c0fcf", "signature_type": "Line", "signature_version": "v1" } ] }