First published: Mon Jun 20 2022
curl. Multiple issues were addressed by updating to curl version 7.84.0.
Credit: support@hackerone.com
CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jbcs-httpd24-curl | <0:7.86.0-2.el8 | 0:7.86.0-2.el8 |
redhat/jbcs-httpd24-curl | <0:7.86.0-2.el7 | 0:7.86.0-2.el7 |
redhat/curl | <0:7.61.1-22.el8_6.4 | 0:7.61.1-22.el8_6.4 |
redhat/curl | <0:7.76.1-14.el9_0.5 | 0:7.76.1-14.el9_0.5 |
debian/curl | <=7.64.0-4+deb10u2 | 7.64.0-4+deb10u7 7.74.0-1.3+deb11u9 7.74.0-1.3+deb11u10 7.88.1-10+deb12u3 7.88.1-10+deb12u4 8.4.0-2 |
Apple macOS Ventura | <13 | 13 |
redhat/curl | <7.84.0 | 7.84.0 |
Haxx Curl | >=7.16.4<7.84.0 | |
Fedoraproject Fedora | =35 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
NetApp Clustered Data ONTAP | ||
Netapp Element Software | ||
Netapp Hci Management Node | ||
Netapp Solidfire | ||
All of | ||
Netapp Hci Compute Node | ||
Netapp Bootstrap Os | ||
All of | ||
Netapp H300s | ||
Netapp H300s Firmware | ||
All of | ||
Netapp H500s | ||
Netapp H500s Firmware | ||
All of | ||
Netapp H700s | ||
Netapp H700s Firmware | ||
All of | ||
Netapp H410s Firmware | ||
Netapp H410s | ||
Apple macOS | <13.0 | |
Splunk Universal Forwarder | >=8.2.0<8.2.12 | |
Splunk Universal Forwarder | >=9.0.0<9.0.6 | |
Splunk Universal Forwarder | =9.1.0 | |
The vulnerability ID is CVE-2022-32208.
The severity of CVE-2022-32208 is medium with a CVSS score of 5.3.
CVE-2022-32208 occurs because curl mishandles message verification failures when doing FTP transfers secured by krb5, allowing a man-in-the-middle attack and injection of data into the client.
The software affected by CVE-2022-32208 includes curl version 7.84.0, jbcs-httpd24-curl versions 0:7.86.0-2.el8 and 0:7.86.0-2.el7, curl version 7.61.1-22.el8_6, curl version 7.76.1-14.el9_0, Apple macOS Ventura version up to 13, and curl versions 7.64.0-4+deb10u6, 7.74.0-1.3+deb11u7, 7.88.1-10, 7.88.1-10+deb12u1, 7.88.1-11, and 8.2.1-1.
To fix CVE-2022-32208, update to curl version 7.84.0 or later.