VulnerableCode Package Details - pkg:alpm/archlinux/curl@7.83.0-1

Search for packages

Package details: pkg:alpm/archlinux/curl@7.83.0-1

Essentials
History (10)

purl	pkg:alpm/archlinux/curl@7.83.0-1

Next non-vulnerable version	7.84.0-1
Latest non-vulnerable version	8.14.1-1
Risk	3.6

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-5tf6-3nns-27eq Aliases: CVE-2022-27779		7.83.1-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-99x7-ydtz-fkd3 Aliases: CVE-2022-27778	A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.	7.83.1-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-crjc-1968-fygt Aliases: CVE-2022-27780	The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.	7.83.1-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kp9v-1wnn-3bbz Aliases: CVE-2022-30115	Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and not using thetrailing dot in the URL.	7.83.1-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-umjy-kc55-9yd4 Aliases: CVE-2022-27781		7.83.1-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-x25w-g1xm-uqcm Aliases: CVE-2022-27782	libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.	7.83.1-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (4)

Vulnerability	Summary	Aliases
VCID-7cxc-5tec-g3gm	A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.	CVE-2022-27776
VCID-btqv-a3xd-47dc	An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).	CVE-2022-22576
VCID-kefk-hzbz-5bh8	An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.	CVE-2022-27775
VCID-rbgk-zqkz-zbhb	An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.	CVE-2022-27774

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-31T11:37:32.425504+00:00	Arch Linux Importer	Fixing	VCID-btqv-a3xd-47dc	https://security.archlinux.org/AVG-2685	37.0.0
2025-07-31T11:37:32.396751+00:00	Arch Linux Importer	Fixing	VCID-rbgk-zqkz-zbhb	https://security.archlinux.org/AVG-2685	37.0.0
2025-07-31T11:37:32.371256+00:00	Arch Linux Importer	Fixing	VCID-kefk-hzbz-5bh8	https://security.archlinux.org/AVG-2685	37.0.0
2025-07-31T11:37:32.346256+00:00	Arch Linux Importer	Fixing	VCID-7cxc-5tec-g3gm	https://security.archlinux.org/AVG-2685	37.0.0
2025-07-31T11:37:32.255876+00:00	Arch Linux Importer	Affected by	VCID-99x7-ydtz-fkd3	https://security.archlinux.org/AVG-2706	37.0.0
2025-07-31T11:37:32.229061+00:00	Arch Linux Importer	Affected by	VCID-5tf6-3nns-27eq	https://security.archlinux.org/AVG-2706	37.0.0
2025-07-31T11:37:32.199214+00:00	Arch Linux Importer	Affected by	VCID-crjc-1968-fygt	https://security.archlinux.org/AVG-2706	37.0.0
2025-07-31T11:37:32.171537+00:00	Arch Linux Importer	Affected by	VCID-umjy-kc55-9yd4	https://security.archlinux.org/AVG-2706	37.0.0
2025-07-31T11:37:32.144690+00:00	Arch Linux Importer	Affected by	VCID-x25w-g1xm-uqcm	https://security.archlinux.org/AVG-2706	37.0.0
2025-07-31T11:37:32.118011+00:00	Arch Linux Importer	Affected by	VCID-kp9v-1wnn-3bbz	https://security.archlinux.org/AVG-2706	37.0.0