libcurl provides the CURLOPT_CERTINFO
option to allow applications to
request details to be returned about a TLS server's certificate chain.
Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
{ "CWE": { "desc": "Loop with Unreachable Exit Condition ('Infinite Loop')", "id": "CWE-835" }, "issue": "https://hackerone.com/reports/1555441", "URL": "https://curl.se/docs/CVE-2022-27781.json", "www": "https://curl.se/docs/CVE-2022-27781.html", "package": "curl", "severity": "Low", "last_affected": "7.83.0", "affects": "lib" }