CVE-2022-43552: Use After Free
First published: Mon Dec 12 2022(Updated: )
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.
Credit: support@hackerone.com support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft CBL Mariner 1.0 x64 | ||
| Microsoft CBL Mariner 2.0 x64 | ||
| Microsoft CBL Mariner 1.0 ARM | ||
| Microsoft CBL Mariner 2.0 ARM | ||
| redhat/jbcs-httpd24-curl | <0:8.0.1-1.el8 | 0:8.0.1-1.el8 |
| redhat/jbcs-httpd24-curl | <0:8.0.1-1.el7 | 0:8.0.1-1.el7 |
| redhat/curl | <0:7.61.1-30.el8 | 0:7.61.1-30.el8 |
| redhat/curl | <0:7.76.1-23.el9 | 0:7.76.1-23.el9 |
| Microsoft Windows 11 | =21H2 | |
| Microsoft Windows 11 | =21H2 | |
| Microsoft Windows 11 | =22H2 | |
| Microsoft Windows 11 | =22H2 | |
| Microsoft Windows Server 2022 | ||
| Microsoft Windows Server 2022 | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows 10 | =20H2 | |
| Microsoft Windows 10 | =20H2 | |
| Microsoft Windows 10 | =20H2 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows 10 | =21H2 | |
| debian/curl | <=7.64.0-4+deb10u2 | 7.64.0-4+deb10u7 7.74.0-1.3+deb11u9 7.74.0-1.3+deb11u10 7.88.1-10+deb12u3 7.88.1-10+deb12u4 8.4.0-2 |
| Haxx Curl | <7.87.0 | |
| Apple macOS | >=13.0<13.3 | |
| Apple macOS Ventura | <13.3 | 13.3 |
| redhat/curl | <7.87.0 | 7.87.0 |
| IBM IBM® Engineering Requirements Management DOORS | <=9.7.2.7 | |
| IBM IBM® Engineering Requirements Management DOORS Web Access | <=9.7.2.7 | |
| Splunk Universal Forwarder | >=8.2.0<8.2.12 | |
| Splunk Universal Forwarder | >=9.0.0<9.0.6 | |
| Splunk Universal Forwarder | =9.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-43552 (Advisory)
- https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2152652
- https://access.redhat.com/errata/RHSA-2023:3354
- https://access.redhat.com/errata/RHSA-2023:2963
- https://access.redhat.com/errata/RHSA-2023:2478
- https://access.redhat.com/errata/RHSA-2023:3355
- https://access.redhat.com/security/cve/cve-2022-43552
- https://curl.se/docs/CVE-2022-43552.html
- https://github.com/curl/curl/commit/b7eeb6e67fca686f840eacd6b8394edb58b07482
- https://github.com/curl/curl/commit/aec2e865f06669b9cb5d26cc1148d70bc418b163
- https://github.com/curl/curl/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2
- https://security-tracker.debian.org/tracker/CVE-2022-43552
- http://seclists.org/fulldisclosure/2023/Mar/17
- https://hackerone.com/reports/1764858
- https://security.gentoo.org/glsa/202310-12
- https://security.netapp.com/advisory/ntap-20230214-0002/
- https://support.apple.com/kb/HT213670
- https://support.apple.com/en-us/HT213670 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2155435
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2155436
- https://access.redhat.com/errata/RHSA-2023:7743
- https://access.redhat.com/errata/RHSA-2024:0428
- https://exchange.xforce.ibmcloud.com/vulnerabilities/242799
- https://www.ibm.com/support/pages/node/7124058 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-32436
- CVE-2023-27968
- CVE-2023-28209
- CVE-2023-28210
- CVE-2023-28211
- CVE-2023-28212
- CVE-2023-28213
- CVE-2023-28214
- CVE-2023-28215
- CVE-2023-32356
- CVE-2023-23532
- CVE-2023-23527
- CVE-2023-27931
- CVE-2023-28179
- CVE-2023-42830
- CVE-2023-27951
- CVE-2023-27961
- CVE-2023-23543
- CVE-2023-23534
- CVE-2023-27955
- CVE-2023-27936
- CVE-2023-28181
- CVE-2023-32426
- CVE-2022-43551
- CVE-2022-43552
- CVE-2023-27934
- CVE-2023-28180
- CVE-2023-27935
- CVE-2023-27953
- CVE-2023-27958
- CVE-2023-40433
- CVE-2023-28190
- CVE-2023-23537
- CVE-2023-28195
- CVE-2023-27956
- CVE-2023-32366
- CVE-2023-27937
- CVE-2023-23526
- CVE-2023-27928
- CVE-2023-27939
- CVE-2023-27947
- CVE-2023-27948
- CVE-2023-42862
- CVE-2023-42865
- CVE-2023-23535
- CVE-2023-27929
- CVE-2023-27946
- CVE-2023-27957
- CVE-2023-32378
- CVE-2023-28187
- CVE-2023-27941
- CVE-2023-28199
- CVE-2023-23536
- CVE-2023-23514
- CVE-2023-27969
- CVE-2023-27933
- CVE-2023-28200
- CVE-2023-27943
- CVE-2023-23525
- CVE-2023-40383
- CVE-2023-41075
- CVE-2023-28189
- CVE-2023-28197
- CVE-2023-27950
- CVE-2023-27949
- CVE-2023-28182
- CVE-2023-23538
- CVE-2023-27962
- CVE-2023-23523
- CVE-2023-27942
- CVE-2023-32362
- CVE-2023-27952
- CVE-2023-23533
- CVE-2023-28178
- CVE-2023-27966
- CVE-2023-27963
- CVE-2023-23542
- CVE-2023-28192
- CVE-2023-28188
- CVE-2023-0049
- CVE-2023-0051
- CVE-2023-0054
- CVE-2023-0288
- CVE-2023-0433
- CVE-2023-0512
- CVE-2023-32370
- CVE-2023-28198
- CVE-2023-32435
- CVE-2023-27932
- CVE-2023-27954
- CVE-2014-1745
- CVE-2023-32358
- CVE-2023-28201
- CVE-2023-27944
Frequently Asked Questions
What is CVE-2022-43552?
CVE-2022-43552 is a vulnerability found in curl that allows for remote code execution.
What software is affected by CVE-2022-43552?
Microsoft CBL Mariner 1.0 ARM, Microsoft CBL Mariner 1.0 x64, Microsoft CBL Mariner 2.0 x64, Microsoft CBL Mariner 2.0 ARM, Windows 11 (version 22H2), Windows 10 (version 22H2), Windows Server 2019, Windows Server 2022, and Windows 10 (version 1809) are affected by CVE-2022-43552.
How severe is CVE-2022-43552?
CVE-2022-43552 has a high severity rating of 5.9.
How can I fix CVE-2022-43552?
To fix CVE-2022-43552, apply the relevant patches or updates provided by Microsoft or Red Hat.
Where can I find more information about CVE-2022-43552?
You can find more information about CVE-2022-43552 on the Microsoft Security Response Center website, curl documentation, and Red Hat Bugzilla.
- collector/msrc
- collector/msrc-cve
- collector/redhat-cve
- collector/security-tracker-debian
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- collector/apple-support
- source/Apple
- alias/CVE-2022-43552
- agent/software-canonical-lookup
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- agent/references
- agent/severity
- agent/last-modified-date
- agent/description
- agent/softwarecombine
- agent/tags
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- vendor/microsoft
- canonical/microsoft cbl mariner 1.0 x64
- canonical/microsoft cbl mariner 2.0 x64
- canonical/microsoft cbl mariner 1.0 arm
- canonical/microsoft cbl mariner 2.0 arm
- package-manager/redhat
- canonical/microsoft windows 11
- version/microsoft windows 11/21h2
- version/microsoft windows 11/22h2
- canonical/microsoft windows server 2022
- canonical/microsoft windows server 2019
- canonical/microsoft windows 10
- version/microsoft windows 10/20h2
- version/microsoft windows 10/1809
- version/microsoft windows 10/22h2
- version/microsoft windows 10/21h2
- package-manager/debian
- vendor/haxx
- canonical/haxx curl
- vendor/apple
- canonical/apple macos
- version/apple macos/13.0
- canonical/apple macos ventura
- vendor/ibm
- canonical/ibm ibm® engineering requirements management doors
- version/ibm ibm® engineering requirements management doors/9.7.2.7
- canonical/ibm ibm® engineering requirements management doors web access
- version/ibm ibm® engineering requirements management doors web access/9.7.2.7
- vendor/splunk
- canonical/splunk universal forwarder
- version/splunk universal forwarder/8.2.0
- version/splunk universal forwarder/9.0.0
- version/splunk universal forwarder/9.1.0