Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-9nak-pscy-e7gs
Vulnerability ID VCID-9nak-pscy-e7gs
Aliases CVE-2022-32221
Summary Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-440 Expected Behavior Violation
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
cvssv3 4.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32221.json
epss 0.01681 https://api.first.org/data/v1/epss?cve=CVE-2022-32221
epss 0.01681 https://api.first.org/data/v1/epss?cve=CVE-2022-32221
epss 0.01681 https://api.first.org/data/v1/epss?cve=CVE-2022-32221
epss 0.02591 https://api.first.org/data/v1/epss?cve=CVE-2022-32221
epss 0.02591 https://api.first.org/data/v1/epss?cve=CVE-2022-32221
epss 0.02753 https://api.first.org/data/v1/epss?cve=CVE-2022-32221
epss 0.02753 https://api.first.org/data/v1/epss?cve=CVE-2022-32221
epss 0.02753 https://api.first.org/data/v1/epss?cve=CVE-2022-32221
epss 0.02753 https://api.first.org/data/v1/epss?cve=CVE-2022-32221
cvssv3.1 Medium https://curl.se/docs/CVE-2022-32221.html
cvssv3.1 9.8 http://seclists.org/fulldisclosure/2023/Jan/19
ssvc Track* http://seclists.org/fulldisclosure/2023/Jan/19
cvssv3.1 9.8 http://seclists.org/fulldisclosure/2023/Jan/20
ssvc Track* http://seclists.org/fulldisclosure/2023/Jan/20
cvssv3.1 7.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 9.8 https://hackerone.com/reports/1704017
ssvc Track* https://hackerone.com/reports/1704017
cvssv3.1 9.8 https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
ssvc Track* https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
cvssv3.1 9.8 https://security.gentoo.org/glsa/202212-01
ssvc Track* https://security.gentoo.org/glsa/202212-01
cvssv3.1 9.8 https://security.netapp.com/advisory/ntap-20230110-0006/
ssvc Track* https://security.netapp.com/advisory/ntap-20230110-0006/
cvssv3.1 9.8 https://security.netapp.com/advisory/ntap-20230208-0002/
ssvc Track* https://security.netapp.com/advisory/ntap-20230208-0002/
cvssv3.1 9.8 https://support.apple.com/kb/HT213604
ssvc Track* https://support.apple.com/kb/HT213604
cvssv3.1 9.8 https://support.apple.com/kb/HT213605
ssvc Track* https://support.apple.com/kb/HT213605
cvssv3.1 9.8 https://www.debian.org/security/2023/dsa-5330
ssvc Track* https://www.debian.org/security/2023/dsa-5330
cvssv3.1 9.8 http://www.openwall.com/lists/oss-security/2023/05/17/4
ssvc Track* http://www.openwall.com/lists/oss-security/2023/05/17/4
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32221.json
https://api.first.org/data/v1/epss?cve=CVE-2022-32221
https://curl.se/docs/CVE-2022-32221.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/1704017
19 http://seclists.org/fulldisclosure/2023/Jan/19
20 http://seclists.org/fulldisclosure/2023/Jan/20
2135411 https://bugzilla.redhat.com/show_bug.cgi?id=2135411
4 http://www.openwall.com/lists/oss-security/2023/05/17/4
dsa-5330 https://www.debian.org/security/2023/dsa-5330
GLSA-202212-01 https://security.gentoo.org/glsa/202212-01
HT213604 https://support.apple.com/kb/HT213604
HT213605 https://support.apple.com/kb/HT213605
msg00028.html https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
ntap-20230110-0006 https://security.netapp.com/advisory/ntap-20230110-0006/
ntap-20230208-0002 https://security.netapp.com/advisory/ntap-20230208-0002/
RHSA-2022:8840 https://access.redhat.com/errata/RHSA-2022:8840
RHSA-2022:8841 https://access.redhat.com/errata/RHSA-2022:8841
RHSA-2023:0333 https://access.redhat.com/errata/RHSA-2023:0333
RHSA-2023:4139 https://access.redhat.com/errata/RHSA-2023:4139
USN-5702-1 https://usn.ubuntu.com/5702-1/
USN-5702-2 https://usn.ubuntu.com/5702-2/
USN-5823-1 https://usn.ubuntu.com/5823-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32221.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2023/Jan/19
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-20T15:51:51Z/ Found at http://seclists.org/fulldisclosure/2023/Jan/19
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2023/Jan/20
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-20T15:51:51Z/ Found at http://seclists.org/fulldisclosure/2023/Jan/20
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://hackerone.com/reports/1704017
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-20T15:51:51Z/ Found at https://hackerone.com/reports/1704017
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-20T15:51:51Z/ Found at https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202212-01
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-20T15:51:51Z/ Found at https://security.gentoo.org/glsa/202212-01
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20230110-0006/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-20T15:51:51Z/ Found at https://security.netapp.com/advisory/ntap-20230110-0006/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20230208-0002/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-20T15:51:51Z/ Found at https://security.netapp.com/advisory/ntap-20230208-0002/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/kb/HT213604
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-20T15:51:51Z/ Found at https://support.apple.com/kb/HT213604
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/kb/HT213605
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-20T15:51:51Z/ Found at https://support.apple.com/kb/HT213605
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2023/dsa-5330
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-20T15:51:51Z/ Found at https://www.debian.org/security/2023/dsa-5330
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/05/17/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-20T15:51:51Z/ Found at http://www.openwall.com/lists/oss-security/2023/05/17/4
Exploit Prediction Scoring System (EPSS)
Percentile 0.82185
EPSS Score 0.01681
Published At April 12, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:03:24.161580+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202212-01 38.0.0