CVE-2022-32206
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-32206
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32206.json
- Aliases
- Related
- Published
- 2022-07-07T13:15:08Z
- Modified
- 2024-05-14T11:59:59.411836Z
- Summary
- [none]
- Details
-
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
- References
-
- https://security.gentoo.org/glsa/202212-01
- https://security.netapp.com/advisory/ntap-20220915-0003/
- https://www.debian.org/security/2022/dsa-5197
- http://seclists.org/fulldisclosure/2022/Oct/28
- http://seclists.org/fulldisclosure/2022/Oct/41
- http://www.openwall.com/lists/oss-security/2023/02/15/3
- https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/
- https://hackerone.com/reports/1570651
- https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
- https://support.apple.com/kb/HT213488
Affected packages
Alpine:v3.13 / curl
Package
- Name
- curl
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed7.79.1-r2
Affected versions
7.*
7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.74.0-r1
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r1
7.79.0-r1
7.79.1-r1
Alpine:v3.14 / curl
Package
- Name
- curl
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed7.79.1-r2
Affected versions
7.*
7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.75.0-r0
7.76.0-r0
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r0
7.79.0-r0
7.79.1-r0
7.79.1-r1
Alpine:v3.15 / curl
Package
- Name
- curl
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed7.80.0-r2
Affected versions
7.*
7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.75.0-r0
7.76.0-r0
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r0
7.78.0-r1
7.78.0-r2
7.79.0-r0
7.79.1-r0
7.80.0-r0
7.80.0-r1
Alpine:v3.16 / curl
Package
- Name
- curl
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed7.83.1-r2
Affected versions
7.*
7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.75.0-r0
7.76.0-r0
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r0
7.78.0-r1
7.78.0-r2
7.79.0-r0
7.79.1-r0
7.80.0-r0
7.81.0-r0
7.81.0-r1
7.82.0-r0
7.82.0-r1
7.83.0-r0
7.83.1-r0
7.83.1-r1
Alpine:v3.17 / curl
Package
- Name
- curl
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed7.84.0-r0
Affected versions
7.*
7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.75.0-r0
7.76.0-r0
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r0
7.78.0-r1
7.78.0-r2
7.79.0-r0
7.79.1-r0
7.80.0-r0
7.81.0-r0
7.81.0-r1
7.82.0-r0
7.82.0-r1
7.83.0-r0
7.83.1-r0
7.83.1-r1
Alpine:v3.18 / curl
Package
- Name
- curl
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed7.84.0-r0
Affected versions
7.*
7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.75.0-r0
7.76.0-r0
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r0
7.78.0-r1
7.78.0-r2
7.79.0-r0
7.79.1-r0
7.80.0-r0
7.81.0-r0
7.81.0-r1
7.82.0-r0
7.82.0-r1
7.83.0-r0
7.83.1-r0
7.83.1-r1
Alpine:v3.19 / curl
Package
- Name
- curl
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed7.84.0-r0
Affected versions
7.*
7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.75.0-r0
7.76.0-r0
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r0
7.78.0-r1
7.78.0-r2
7.79.0-r0
7.79.1-r0
7.80.0-r0
7.81.0-r0
7.81.0-r1
7.82.0-r0
7.82.0-r1
7.83.0-r0
7.83.1-r0
7.83.1-r1