CURL-CVE-2022-32208

Source
https://curl.se/docs/CVE-2022-32208.html
Import Source
https://curl.se/docs/CURL-CVE-2022-32208.json
JSON Data
https://api.test.osv.dev/v1/vulns/CURL-CVE-2022-32208
Aliases
Published
2022-06-27T08:00:00Z
Modified
2025-05-15T17:48:29Z
Summary
FTP-KRB bad message verification
Details

When curl does FTP transfers secured by krb5, it handles message verification failures incorrectly. This flaw makes it possible for a man-in-the-middle attack to go unnoticed and even allows it to inject data into the client.

Database specific
{
    "package": "curl",
    "URL": "https://curl.se/docs/CVE-2022-32208.json",
    "award": {
        "amount": "480",
        "currency": "USD"
    },
    "www": "https://curl.se/docs/CVE-2022-32208.html",
    "CWE": {
        "id": "CWE-924",
        "desc": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel"
    },
    "affects": "both",
    "severity": "Low",
    "issue": "https://hackerone.com/reports/1590071",
    "last_affected": "7.83.1"
}
References
Credits
    • Harry Sintonen - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.16.4
Fixed
7.84.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

7.*

7.16.4
7.17.0
7.17.1
7.18.0
7.18.1
7.18.2
7.19.0
7.19.1
7.19.2
7.19.3
7.19.4
7.19.5
7.19.6
7.19.7
7.20.0
7.20.1
7.21.0
7.21.1
7.21.2
7.21.3
7.21.4
7.21.5
7.21.6
7.21.7
7.22.0
7.23.0
7.23.1
7.24.0
7.25.0
7.26.0
7.27.0
7.28.0
7.28.1
7.29.0
7.30.0
7.31.0
7.32.0
7.33.0
7.34.0
7.35.0
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.40.0
7.41.0
7.42.0
7.42.1
7.43.0
7.44.0
7.45.0
7.46.0
7.47.0
7.47.1
7.48.0
7.49.0
7.49.1
7.50.0
7.50.1
7.50.2
7.50.3
7.51.0
7.52.0
7.52.1
7.53.0
7.53.1
7.54.0
7.54.1
7.55.0
7.55.1
7.56.0
7.56.1
7.57.0
7.58.0
7.59.0
7.60.0
7.61.0
7.61.1
7.62.0
7.63.0
7.64.0
7.64.1
7.65.0
7.65.1
7.65.2
7.65.3
7.66.0
7.67.0
7.68.0
7.69.0
7.69.1
7.70.0
7.71.0
7.71.1
7.72.0
7.73.0
7.74.0
7.75.0
7.76.0
7.76.1
7.77.0
7.78.0
7.79.0
7.79.1
7.80.0
7.81.0
7.82.0
7.83.0
7.83.1

Database specific

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "digest": {
                "length": 552.0,
                "function_hash": "187038773906953436485892916606076851146"
            },
            "id": "CURL-CVE-2022-32208-02b98b15",
            "signature_type": "Function",
            "deprecated": false,
            "source": "https://github.com/curl/curl.git/commit/6ecdf5136b52af747e7bda08db9a748256b1cd09",
            "target": {
                "function": "read_data",
                "file": "lib/krb5.c"
            }
        },
        {
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "id": "CURL-CVE-2022-32208-9314923b",
            "signature_type": "Line",
            "deprecated": false,
            "source": "https://github.com/curl/curl.git/commit/6ecdf5136b52af747e7bda08db9a748256b1cd09",
            "target": {
                "file": "lib/krb5.c"
            }
        }
    ]
}