CVE-2022-32208

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
Configurations

Configuration 1 (hide)

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Configuration 11 (hide)

OR cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*

History

27 Mar 2024, 15:00

Type Values Removed Values Added
First Time Splunk universal Forwarder
Splunk
CPE cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/ - Mailing List, Third Party Advisory

19 Dec 2022, 04:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202212-01 -
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/Oct/28 -

04 Nov 2022, 02:36

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/Oct/41 - Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT213488 - (CONFIRM) https://support.apple.com/kb/HT213488 - Third Party Advisory
CPE cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

25 Oct 2022, 21:15

Type Values Removed Values Added
References
  • (CONFIRM) https://support.apple.com/kb/HT213488 -

16 Sep 2022, 19:51

Type Values Removed Values Added
CPE cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
References (CONFIRM) https://security.netapp.com/advisory/ntap-20220915-0003/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20220915-0003/ - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/ - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2022/dsa-5197 - (DEBIAN) https://www.debian.org/security/2022/dsa-5197 - Third Party Advisory

15 Sep 2022, 18:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20220915-0003/ -
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html -

02 Aug 2022, 03:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5197 -

15 Jul 2022, 03:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/ -

14 Jul 2022, 17:40

Type Values Removed Values Added
References (MISC) https://hackerone.com/reports/1590071 - (MISC) https://hackerone.com/reports/1590071 - Exploit, Third Party Advisory
CPE cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 5.9
CWE CWE-787

07 Jul 2022, 13:17

Type Values Removed Values Added
New CVE

Information

Published : 2022-07-07 13:15

Updated : 2024-03-27 15:00


NVD link : CVE-2022-32208

Mitre link : CVE-2022-32208

CVE.ORG link : CVE-2022-32208


JSON object : View

Products Affected

netapp

  • clustered_data_ontap
  • element_software
  • h500s
  • solidfire
  • h300s
  • h300s_firmware
  • bootstrap_os
  • h700s_firmware
  • h410s_firmware
  • hci_compute_node
  • h700s
  • h410s
  • hci_management_node
  • h500s_firmware

debian

  • debian_linux

fedoraproject

  • fedora

splunk

  • universal_forwarder

haxx

  • curl

apple

  • macos
CWE
CWE-787

Out-of-bounds Write

CWE-840

Business Logic Errors