OESA-2022-1675

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1675
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1675.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-1675
Published
2022-05-28T11:03:49Z
Modified
2025-08-12T05:13:22.956734Z
Summary
curl security update
Details

cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols.

Security Fix(es):

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily. (CVE-2022-27782)

A vulnerability was found in curl. This issue occurs due to an erroneous function. A malicious server could make curl within Network Security Services (NSS) get stuck in a never-ending busy loop when trying to retrieve that information. This flaw allows an infinite loop, affecting system availability. (CVE-2022-27781)

Database specific
{
    "severity": "Medium"
}

Affected packages

openEuler:20.03-LTS-SP1 / curl

Package

Name
curl
Purl
pkg:rpm/openEuler/curl&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.71.1-14.oe1

Ecosystem specific

{
    "aarch64": [
        "curl-7.71.1-14.oe1.aarch64.rpm",
        "curl-debugsource-7.71.1-14.oe1.aarch64.rpm",
        "curl-debuginfo-7.71.1-14.oe1.aarch64.rpm",
        "libcurl-7.71.1-14.oe1.aarch64.rpm",
        "libcurl-devel-7.71.1-14.oe1.aarch64.rpm"
    ],
    "src": [
        "curl-7.71.1-14.oe1.src.rpm"
    ],
    "noarch": [
        "curl-help-7.71.1-14.oe1.noarch.rpm"
    ],
    "x86_64": [
        "curl-7.71.1-14.oe1.x86_64.rpm",
        "curl-debugsource-7.71.1-14.oe1.x86_64.rpm",
        "curl-debuginfo-7.71.1-14.oe1.x86_64.rpm",
        "libcurl-7.71.1-14.oe1.x86_64.rpm",
        "libcurl-devel-7.71.1-14.oe1.x86_64.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / curl

Package

Name
curl
Purl
pkg:rpm/openEuler/curl&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.71.1-14.oe1

Ecosystem specific

{
    "aarch64": [
        "curl-7.71.1-14.oe1.aarch64.rpm",
        "curl-debugsource-7.71.1-14.oe1.aarch64.rpm",
        "curl-debuginfo-7.71.1-14.oe1.aarch64.rpm",
        "libcurl-7.71.1-14.oe1.aarch64.rpm",
        "libcurl-devel-7.71.1-14.oe1.aarch64.rpm"
    ],
    "src": [
        "curl-7.71.1-14.oe1.src.rpm"
    ],
    "noarch": [
        "curl-help-7.71.1-14.oe1.noarch.rpm"
    ],
    "x86_64": [
        "curl-7.71.1-14.oe1.x86_64.rpm",
        "curl-debugsource-7.71.1-14.oe1.x86_64.rpm",
        "curl-debuginfo-7.71.1-14.oe1.x86_64.rpm",
        "libcurl-7.71.1-14.oe1.x86_64.rpm",
        "libcurl-devel-7.71.1-14.oe1.x86_64.rpm"
    ]
}

openEuler:22.03-LTS / curl

Package

Name
curl
Purl
pkg:rpm/openEuler/curl&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.79.1-6.oe2203

Ecosystem specific

{
    "aarch64": [
        "curl-7.79.1-6.oe2203.aarch64.rpm",
        "curl-debugsource-7.79.1-6.oe2203.aarch64.rpm",
        "curl-debuginfo-7.79.1-6.oe2203.aarch64.rpm",
        "libcurl-7.79.1-6.oe2203.aarch64.rpm",
        "libcurl-devel-7.79.1-6.oe2203.aarch64.rpm"
    ],
    "src": [
        "curl-7.79.1-6.oe2203.src.rpm"
    ],
    "noarch": [
        "curl-help-7.79.1-6.oe2203.noarch.rpm"
    ],
    "x86_64": [
        "curl-7.79.1-6.oe2203.x86_64.rpm",
        "curl-debugsource-7.79.1-6.oe2203.x86_64.rpm",
        "curl-debuginfo-7.79.1-6.oe2203.x86_64.rpm",
        "libcurl-7.79.1-6.oe2203.x86_64.rpm",
        "libcurl-devel-7.79.1-6.oe2203.x86_64.rpm"
    ]
}