USN-5495-2

Source
https://ubuntu.com/security/notices/USN-5495-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5495-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5495-2
Published
2025-09-29T11:26:27.081609Z
Modified
2025-10-13T04:35:59Z
Summary
curl regression
Details

USN-5495-1 fixed vulnerabilities in curl. The fix for CVE-2022-32205 miscalculated the maximum cookie size, causing a regression. This update fixes the problem.

Original advisory details:

Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-32205)

Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206)

Harry Sintonen discovered that curl incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-32207)

Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-middle attack. (CVE-2022-32208)

Affected packages

Ubuntu:22.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.81.0-1ubuntu1.21

Affected versions

7.*

7.74.0-1.3ubuntu2
7.74.0-1.3ubuntu3
7.80.0-3
7.81.0-1
7.81.0-1ubuntu1.1
7.81.0-1ubuntu1.2
7.81.0-1ubuntu1.3
7.81.0-1ubuntu1.4
7.81.0-1ubuntu1.6
7.81.0-1ubuntu1.7
7.81.0-1ubuntu1.8
7.81.0-1ubuntu1.10
7.81.0-1ubuntu1.11
7.81.0-1ubuntu1.13
7.81.0-1ubuntu1.14
7.81.0-1ubuntu1.15
7.81.0-1ubuntu1.16
7.81.0-1ubuntu1.17
7.81.0-1ubuntu1.18
7.81.0-1ubuntu1.19
7.81.0-1ubuntu1.20

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "curl",
            "binary_version": "7.81.0-1ubuntu1.21"
        },
        {
            "binary_name": "libcurl3-gnutls",
            "binary_version": "7.81.0-1ubuntu1.21"
        },
        {
            "binary_name": "libcurl3-nss",
            "binary_version": "7.81.0-1ubuntu1.21"
        },
        {
            "binary_name": "libcurl4",
            "binary_version": "7.81.0-1ubuntu1.21"
        },
        {
            "binary_name": "libcurl4-gnutls-dev",
            "binary_version": "7.81.0-1ubuntu1.21"
        },
        {
            "binary_name": "libcurl4-nss-dev",
            "binary_version": "7.81.0-1ubuntu1.21"
        },
        {
            "binary_name": "libcurl4-openssl-dev",
            "binary_version": "7.81.0-1ubuntu1.21"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map

{
    "cves": [],
    "ecosystem": "Ubuntu:22.04:LTS"
}