An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
{
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "curl 7.65.0 to 7.82.0 are vulnerable"
},
{
"last_affected": "curl 7.65.0 to 7.82.0 are vulnerable"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/27xxx/CVE-2022-27775.json",
"cna_assigner": "hackerone",
"cwe_ids": [
"CWE-200"
]
}