UBUNTU-CVE-2022-42916

Source
https://ubuntu.com/security/CVE-2022-42916
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-42916.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-42916
Related
Published
2022-10-26T07:00:00Z
Modified
2022-10-26T07:00:00Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.

References

Affected packages

Ubuntu:22.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.81.0-1ubuntu1.6

Affected versions

7.*

7.74.0-1.3ubuntu2
7.74.0-1.3ubuntu3
7.80.0-3
7.81.0-1
7.81.0-1ubuntu1.1
7.81.0-1ubuntu1.2
7.81.0-1ubuntu1.3
7.81.0-1ubuntu1.4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "7.81.0-1ubuntu1.6",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.6",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.6",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.6",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.6",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.6",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.6",
            "binary_name": "libcurl4"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.6",
            "binary_name": "libcurl4-dbgsym"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.6",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.6",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.6",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.6",
            "binary_name": "libcurl4-openssl-dev"
        }
    ]
}