CVE-2022-27775

Published: Jun 2, 2022Modified: May 27, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.

Affected (14)

Products: Haxx: Curl · Debian: Debian Linux · Netapp: Hci Bootstrap Os, Clustered Data Ontap, Solidfire & Hci Management Node, Solidfire & Hci Storage Node, H300s Firmware, H500s Firmware, H700s Firmware, H410s Firmware · +2 more

Show all products

Haxx: Curl · Debian: Debian Linux · Netapp: Hci Bootstrap Os, Clustered Data Ontap, Solidfire & Hci Management Node, Solidfire & Hci Storage Node, H300s Firmware, H500s Firmware, H700s Firmware, H410s Firmware · Brocade: Fabric Operating System · Splunk: Universal Forwarder

1 product

1 product

8 products

Solidfire & Hci Management Node

Solidfire & Hci Storage Node

1 product

Fabric Operating System

Splunk

1 product

Universal Forwarder

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Haxx Curl	From 7.65.0 to 7.82.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Hci Bootstrap Os	All versions

Running on/with	Platform Versions
Netapp Hci Compute Node	All versions

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Brocade Fabric Operating System	All versions
Netapp Clustered Data Ontap	All versions
Netapp Solidfire & Hci Management Node	All versions
Netapp Solidfire & Hci Storage Node	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300s Firmware	All versions

Running on/with	Platform Versions
Netapp H300s	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500s Firmware	All versions

Running on/with	Platform Versions
Netapp H500s	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700s Firmware	All versions

Running on/with	Platform Versions
Netapp H700s	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410s Firmware	All versions

Running on/with	Platform Versions
Netapp H410s	All versions

Configuration I

3 vulnerable

Vulnerable Software	Affected Versions
Splunk Universal Forwarder	From 8.2.0 to 8.2.12
Splunk Universal Forwarder	From 9.0.0 to 9.0.6
Splunk Universal Forwarder	Version 9.1.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (9)

https://hackerone.com/reports/1546268

Source: support@hackerone.com

ExploitThird Party Advisory

https://security.gentoo.org/glsa/202212-01

Source: support@hackerone.com

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220609-0008/

Source: support@hackerone.com

Third Party Advisory

https://www.debian.org/security/2022/dsa-5197

Source: support@hackerone.com

Third Party Advisory

https://hackerone.com/reports/1546268

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://security.gentoo.org/glsa/202212-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220609-0008/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2022/dsa-5197

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://hackerone.com/reports/1546268

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.