CVE-2022-22576 An authentication vulnerability in curl 7.33 to 7.82 might allow attackers to reuse OAuth2-authenticated connections.

CVE-2022-22576 An authentication vulnerability in curl 7.33 to 7.82 might allow attackers to reuse OAuth2-authenticated connections.

A malicious or compromised remote server could send an authorised request to the client computer with the same credentials as were used for the initial authentication, potentially leading to a situation where the client computer accepts another request with the same credentials as the initial request. This results in an XSS or CSRF attack from the server to the client (depending on the type of request). An attacker could use this vulnerability to steal the client's session cookie, or to impersonate the client to the server. This could be used to exploit other vulnerabilities on the client.  An attacker could use this vulnerability to trick the client into re-authenticating with a malicious server.  An attacker could use this vulnerability to trick the client into re-authenticating with a malicious server.
Affected cURL releases: cURL 7.82.0 = 7.82.0 versions are vulnerable

CVE-2018-1585 An information disclosure vulnerability exists in curl 7.62.0 to and including 7.62.1 which might allow remote attackers to determine information about the layout of the program stack. This could be used to determine code objects and other metrics about the application. CVE-2018-1587 A denial of service vulnerability exists in curl 7.56.0 to and including 7.62.1 in the DNS code which might allow remote attackers to cause the application to crash by sending an overly long DNS request (RFC1ab) to the server. This can be used to exploit other vulnerabilities on

References === Click Here ===

The 5 Most Common Mistakes to Avoid When Out-Sourcing SEO

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe