Vulnerability details: VCID-7je1-vmpe-aaad
Vulnerability ID VCID-7je1-vmpe-aaad
Aliases CVE-2022-32221
Summary When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
System Score Found at
cvssv3 4.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32221.json
epss 0.00346 https://api.first.org/data/v1/epss?cve=CVE-2022-32221
epss 0.00755 https://api.first.org/data/v1/epss?cve=CVE-2022-32221
epss 0.00759 https://api.first.org/data/v1/epss?cve=CVE-2022-32221
epss 0.01101 https://api.first.org/data/v1/epss?cve=CVE-2022-32221
epss 0.03885 https://api.first.org/data/v1/epss?cve=CVE-2022-32221
cvssv3.1 Medium https://curl.se/docs/CVE-2022-32221.html
cvssv3.1 7.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32221
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32221
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32221.json
https://api.first.org/data/v1/epss?cve=CVE-2022-32221
https://curl.se/docs/CVE-2022-32221.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552
http://seclists.org/fulldisclosure/2023/Jan/19
http://seclists.org/fulldisclosure/2023/Jan/20
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/1704017
https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
https://security.gentoo.org/glsa/202212-01
https://security.netapp.com/advisory/ntap-20230110-0006/
https://security.netapp.com/advisory/ntap-20230208-0002/
https://support.apple.com/kb/HT213604
https://support.apple.com/kb/HT213605
https://www.debian.org/security/2023/dsa-5330
http://www.openwall.com/lists/oss-security/2023/05/17/4
2135411 https://bugzilla.redhat.com/show_bug.cgi?id=2135411
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221
RHSA-2022:8840 https://access.redhat.com/errata/RHSA-2022:8840
RHSA-2022:8841 https://access.redhat.com/errata/RHSA-2022:8841
RHSA-2023:0333 https://access.redhat.com/errata/RHSA-2023:0333
RHSA-2023:4139 https://access.redhat.com/errata/RHSA-2023:4139
USN-5702-1 https://usn.ubuntu.com/5702-1/
USN-5702-2 https://usn.ubuntu.com/5702-2/
USN-5823-1 https://usn.ubuntu.com/5823-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32221.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-32221
Exploit Prediction Scoring System (EPSS)
Percentile 0.71359
EPSS Score 0.00346
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.