Vulnerability details: VCID-d4pe-rmxp-aaak
Vulnerability ID VCID-d4pe-rmxp-aaak
Aliases CVE-2022-43552
Summary A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.
Status Published
Exploitability 0.5
Weighted Severity 5.3
Risk 2.6
System Score Found at
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43552.json
epss 0.00085 https://api.first.org/data/v1/epss?cve=CVE-2022-43552
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2022-43552
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2022-43552
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2022-43552
epss 0.00149 https://api.first.org/data/v1/epss?cve=CVE-2022-43552
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2022-43552
epss 0.00325 https://api.first.org/data/v1/epss?cve=CVE-2022-43552
cvssv3.1 Low https://curl.se/docs/CVE-2022-43552.html
cvssv3.1 5.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-43552
cvssv3.1 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-43552
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43552.json
https://api.first.org/data/v1/epss?cve=CVE-2022-43552
https://curl.se/docs/CVE-2022-43552.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552
http://seclists.org/fulldisclosure/2023/Mar/17
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/1764858
https://security.netapp.com/advisory/ntap-20230214-0002/
https://support.apple.com/kb/HT213670
1026830 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026830
2152652 https://bugzilla.redhat.com/show_bug.cgi?id=2152652
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552
GLSA-202310-12 https://security.gentoo.org/glsa/202310-12
RHSA-2023:2478 https://access.redhat.com/errata/RHSA-2023:2478
RHSA-2023:2963 https://access.redhat.com/errata/RHSA-2023:2963
RHSA-2023:3354 https://access.redhat.com/errata/RHSA-2023:3354
RHSA-2023:3355 https://access.redhat.com/errata/RHSA-2023:3355
RHSA-2023:7743 https://access.redhat.com/errata/RHSA-2023:7743
RHSA-2024:0428 https://access.redhat.com/errata/RHSA-2024:0428
USN-5788-1 https://usn.ubuntu.com/5788-1/
USN-5894-1 https://usn.ubuntu.com/5894-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43552.json
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): low
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-43552
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high
Exploit Prediction Scoring System (EPSS)
Percentile 0.25853
EPSS Score 0.00085
Published At June 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.