CVE-2022-32221: Infoleak
First published: Mon Oct 17 2022(Updated: )
A vulnerability was found in curl. The issue occurs when doing HTTP(S) transfers, where curl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set if it previously used the same handle to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request.
Credit: support@hackerone.com CVE-2022-42915 CVE-2022-42916 CVE-2022-32221 CVE-2022-35260 CVE-2022-42915 CVE-2022-42916 CVE-2022-32221 CVE-2022-35260 support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/jbcs-httpd24-curl | <0:7.86.0-2.el8 | 0:7.86.0-2.el8 |
| redhat/jbcs-httpd24-curl | <0:7.86.0-2.el7 | 0:7.86.0-2.el7 |
| redhat/curl | <0:7.76.1-19.el9_1.1 | 0:7.76.1-19.el9_1.1 |
| redhat/curl | <0:7.76.1-14.el9_0.6 | 0:7.76.1-14.el9_0.6 |
| debian/curl | <=7.64.0-4+deb10u2 | 7.64.0-4+deb10u7 7.74.0-1.3+deb11u9 7.74.0-1.3+deb11u10 7.88.1-10+deb12u3 7.88.1-10+deb12u4 8.4.0-2 |
| Apple macOS Ventura | <13.2 | 13.2 |
| redhat/curl | <7.86.0 | 7.86.0 |
| redhat/libcurl | <7.86.0 | 7.86.0 |
| Apple macOS Monterey | <12.6.3 | 12.6.3 |
| Haxx Curl | <7.86.0 | |
| NetApp Clustered Data ONTAP | ||
| All of | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| All of | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| All of | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| All of | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Apple macOS | <12.6.3 | |
| Splunk Universal Forwarder | >=8.2.0<8.2.12 | |
| Splunk Universal Forwarder | >=9.0.0<9.0.6 | |
| Splunk Universal Forwarder | =9.1.0 | |
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| Netapp H410s Firmware | ||
| Netapp H410s |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213604 (Advisory)
- https://support.apple.com/en-us/HT213605 (Advisory)
- http://seclists.org/fulldisclosure/2023/Jan/19
- http://seclists.org/fulldisclosure/2023/Jan/20
- http://www.openwall.com/lists/oss-security/2023/05/17/4
- https://hackerone.com/reports/1704017
- https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
- https://security.gentoo.org/glsa/202212-01
- https://security.netapp.com/advisory/ntap-20230110-0006/
- https://security.netapp.com/advisory/ntap-20230208-0002/
- https://support.apple.com/kb/HT213604
- https://support.apple.com/kb/HT213605
- https://www.debian.org/security/2023/dsa-5330
- https://curl.se/docs/CVE-2022-32221.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2137780
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2137781
- https://access.redhat.com/errata/RHSA-2022:8840
- https://access.redhat.com/errata/RHSA-2022:8841
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2153064
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2153065
- https://access.redhat.com/errata/RHSA-2023:0333
- https://access.redhat.com/security/cve/cve-2022-32221
- https://access.redhat.com/errata/RHSA-2023:4139
- https://access.redhat.com/security/cve/CVE-2022-32221
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2135411#c1
- https://bugzilla.redhat.com/show_bug.cgi?id=2135411
- https://www.cve.org/CVERecord?id=CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 https://curl.se/docs/CVE-2022-32221.html
- https://github.com/curl/curl/issues/9507
- https://github.com/curl/curl/commit/a64e3e59938abd7d667e4470a18072a24d7e9de9
- https://security-tracker.debian.org/tracker/CVE-2022-32221
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-32438
- CVE-2023-23499
- CVE-2023-23520
- CVE-2022-42915
- CVE-2022-42916
- CVE-2022-32221
- CVE-2022-35260
- CVE-2023-23539
- CVE-2023-23513
- CVE-2023-23493
- CVE-2023-41990
- CVE-2023-23530
- CVE-2023-23531
- CVE-2023-23519
- CVE-2023-23507
- CVE-2023-23516
- CVE-2023-23500
- CVE-2023-23502
- CVE-2023-23504
- CVE-2023-23506
- CVE-2023-23498
- CVE-2023-23503
- CVE-2023-28208
- CVE-2023-23497
- CVE-2023-23510
- CVE-2023-23512
- CVE-2023-23505
- CVE-2022-3705
- CVE-2023-23511
- CVE-2023-32393
- CVE-2023-23496
- CVE-2023-23518
- CVE-2023-23517
- CVE-2023-23501
- CVE-2023-23508
- CVE-2022-0108
- CVE-2022-35252
- CVE-2022-32915
- CVE-2022-42834
- CVE-2023-27931
Frequently Asked Questions
What is CVE-2022-32221?
CVE-2022-32221 is a vulnerability in libcurl that can be exploited when using the read callback incorrectly.
How does CVE-2022-32221 affect macOS Monterey?
macOS Monterey version 12.6.3 is affected by CVE-2022-32221. Updating to version 12.6.3 remedies the vulnerability.
Which version of jbcs-httpd24-curl is affected by CVE-2022-32221 on Red Hat?
Versions up to and excluding 0:7.86.0-2.el8 and 0:7.86.0-2.el7 of jbcs-httpd24-curl on Red Hat are affected by CVE-2022-32221.
How severe is CVE-2022-32221?
CVE-2022-32221 has a severity level of medium.
Where can I find more information about CVE-2022-32221?
You can find more information about CVE-2022-32221 at the following links: [Apple Support](https://support.apple.com/en-us/HT213604), [CVE](https://www.cve.org/CVERecord?id=CVE-2022-32221), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [curl.se](https://curl.se/docs/CVE-2022-32221.html), and [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=2135411).
- collector/redhat-cve
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- collector/apple-support
- source/Apple
- alias/CVE-2022-42916
- alias/CVE-2022-32221
- alias/CVE-2022-35260
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- agent/event
- agent/description
- agent/weakness
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/apple
- canonical/apple macos ventura
- canonical/apple macos monterey
- vendor/haxx
- canonical/haxx curl
- vendor/netapp
- canonical/netapp clustered data ontap
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h410s firmware
- canonical/netapp h410s
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- canonical/apple macos
- vendor/splunk
- canonical/splunk universal forwarder
- version/splunk universal forwarder/8.2.0
- version/splunk universal forwarder/9.0.0
- version/splunk universal forwarder/9.1.0