← Back

CVE-2022-27781

nvd nist
Published: Jun 2, 2022Modified: May 27, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.

Affected (15)

Show all products
Haxx: Curl · Debian: Debian Linux · Netapp: Hci Bootstrap Os, Clustered Data Ontap, Hci Compute Node, Solidfire, Enterprise Sds & Hci Storage Node, Solidfire & Hci Management Node, H300s Firmware, H500s Firmware, H700s Firmware, H410s Firmware · Splunk: Universal Forwarder
Haxx
1 product
Curl
Debian
1 product
Debian Linux
Netapp
9 products
Hci Bootstrap Os
Clustered Data Ontap
Hci Compute Node
Solidfire, Enterprise Sds & Hci Storage Node
Solidfire & Hci Management Node
H300s Firmware
H500s Firmware
H700s Firmware
H410s Firmware
Splunk
1 product
Universal Forwarder
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Curl
Before 7.83.1
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 11.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Hci Bootstrap Os
All versions
Configuration D
4 vulnerable
Vulnerable SoftwareAffected Versions
Clustered Data Ontap
All versions
Hci Compute Node
All versions
Solidfire, Enterprise Sds & Hci Storage Node
All versions
Solidfire & Hci Management Node
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H300s Firmware
All versions
Running on/withPlatform Versions
Netapp
H300s
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H500s Firmware
All versions
Running on/withPlatform Versions
Netapp
H500s
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H700s Firmware
All versions
Running on/withPlatform Versions
Netapp
H700s
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H410s Firmware
All versions
Running on/withPlatform Versions
Netapp
H410s
All versions
Configuration I
3 vulnerable
Vulnerable SoftwareAffected Versions
Splunk
Universal Forwarder
From 8.2.0 to 8.2.12
Universal Forwarder
From 9.0.0 to 9.0.6
Universal Forwarder
Version 9.1.0

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (11)

Source: support@hackerone.com
ExploitThird Party Advisory
Source: support@hackerone.com
Mailing ListThird Party Advisory
Source: support@hackerone.com
Third Party Advisory
Source: support@hackerone.com
Third Party Advisory
Source: support@hackerone.com
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitThird Party Advisory

Timeline

No history available yet.