CURL-CVE-2022-27775

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2022-27775.html

Import Source

https://curl.se/docs/CURL-CVE-2022-27775.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2022-27775

Aliases

CVE-2022-27775

Published

2022-04-27T08:00:00Z

Modified

2026-05-27T02:29:38.938262Z

Summary

Bad local IPv6 connection reuse

Details

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup.

Due to errors in the logic, the config matching function did not take the IPv6 address zone id into account which could lead to libcurl reusing the wrong connection when one transfer uses a zone id and a subsequent transfer uses another (or no) zone id.

Database specific

{
    "package": "curl",
    "award": {
        "currency": "USD",
        "amount": "480"
    },
    "issue": "https://hackerone.com/reports/1546268",
    "affects": "both",
    "last_affected": "7.82.0",
    "severity": "Low",
    "CWE": {
        "id": "CWE-200",
        "desc": "Exposure of Sensitive Information to an Unauthorized Actor"
    },
    "URL": "https://curl.se/docs/CVE-2022-27775.json",
    "www": "https://curl.se/docs/CVE-2022-27775.html"
}

References

Credits

- Harry Sintonen - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.65.0

Fixed

7.83.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

2d0e9b40d3237b1450cbbfbcb996da244d964898

Fixed

058f98dc3fe595f21dc26a5b9b1699e519ba5705

Affected versions

7.*

7.65.0

7.65.1

7.65.2

7.65.3

7.66.0

7.67.0

7.68.0

7.69.0

7.69.1

7.70.0

7.71.0

7.71.1

7.72.0

7.73.0

7.74.0

7.75.0

7.76.0

7.76.1

7.77.0

7.78.0

7.79.0

7.79.1

7.80.0

7.81.0

7.82.0

Other

curl-7_65_0

curl-7_65_1

curl-7_65_2

curl-7_65_3

curl-7_66_0

curl-7_67_0

curl-7_68_0

curl-7_69_0

curl-7_69_1

curl-7_70_0

curl-7_71_0

curl-7_71_1

curl-7_72_0

curl-7_73_0

curl-7_74_0

curl-7_75_0

curl-7_76_0

curl-7_76_1

curl-7_77_0

curl-7_78_0

curl-7_79_0

curl-7_79_1

curl-7_80_0

curl-7_81_0

curl-7_82_0

tiny-curl-7_72_0

Database specific

source

"https://curl.se/docs/CURL-CVE-2022-27775.json"

vanir_signatures_modified

"2026-05-27T02:29:38Z"

vanir_signatures

[
    {
        "deprecated": false,
        "target": {
            "file": "lib/conncache.c",
            "function": "hashkey"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "64367765119075779025553468148609500840",
            "length": 551.0
        },
        "signature_version": "v1",
        "source": "https://github.com/curl/curl.git/commit/058f98dc3fe595f21dc26a5b9b1699e519ba5705",
        "id": "CURL-CVE-2022-27775-5e38373e"
    },
    {
        "deprecated": false,
        "target": {
            "file": "lib/conncache.c"
        },
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "248884389636476368898680322381896570386",
                "147333169977412059953814330311619140236",
                "241286620235946974910977415580361700039",
                "317199225891431119959600727241273204395"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/curl/curl.git/commit/058f98dc3fe595f21dc26a5b9b1699e519ba5705",
        "id": "CURL-CVE-2022-27775-abbd0061"
    }
]