libcurl provides the CURLOPT_CERTINFO
option to allow applications to
request details to be returned about a TLS server's certificate chain.
Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
{ "package": "curl", "last_affected": "7.83.0", "www": "https://curl.se/docs/CVE-2022-27781.html", "URL": "https://curl.se/docs/CVE-2022-27781.json", "affects": "lib", "severity": "Low", "CWE": { "id": "CWE-835", "desc": "Loop with Unreachable Exit Condition ('Infinite Loop')" }, "issue": "https://hackerone.com/reports/1555441" }