Vulnerabilities > CVE-2022-32208 - Out-of-bounds Write vulnerability in multiple products

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

NVD

Published: 2022-07-07

Updated: 2024-03-27

Summary

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.

Vulnerable Configurations

Part	Description	Count
Application	Haxx Haxx Curl 7.16.4 Haxx Curl 7.17.0 Haxx Curl 7.17.1 Haxx Curl 7.18.0 Haxx Curl 7.18.1 Haxx Curl 7.18.2 Haxx Curl 7.19.0 Haxx Curl 7.19.1 Haxx Curl 7.19.2 Haxx Curl 7.19.3 Haxx Curl 7.19.4 Haxx Curl 7.19.5 Haxx Curl 7.19.6 Haxx Curl 7.19.7 Haxx Curl 7.19.7-53 Haxx Curl 7.20.0 Haxx Curl 7.20.1 Haxx Curl 7.21.0 Haxx Curl 7.21.1 Haxx Curl 7.21.2 Haxx Curl 7.21.3 Haxx Curl 7.21.4 Haxx Curl 7.21.5 Haxx Curl 7.21.6 Haxx Curl 7.21.7 Haxx Curl 7.22.0 Haxx Curl 7.23.0 Haxx Curl 7.23.1 Haxx Curl 7.24.0 Haxx Curl 7.25.0 Haxx Curl 7.26.0 Haxx Curl 7.27.0 Haxx Curl 7.28.0 Haxx Curl 7.28.1 Haxx Curl 7.29.0 Haxx Curl 7.30.0 Haxx Curl 7.31.0 Haxx Curl 7.32.0 Haxx Curl 7.33.0 Haxx Curl 7.34.0 Haxx Curl 7.35.0 Haxx Curl 7.36.0 Haxx Curl 7.37.0 Haxx Curl 7.37.1 Haxx Curl 7.38.0 Haxx Curl 7.39.0 Haxx Curl 7.40.0 Haxx Curl 7.41.0 Haxx Curl 7.42.0 Haxx Curl 7.42.1 Haxx Curl 7.43.0 Haxx Curl 7.44.0 Haxx Curl 7.45.0 Haxx Curl 7.46.0 Haxx Curl 7.47.0 Haxx Curl 7.47.1 Haxx Curl 7.48.0 Haxx Curl 7.49.0 Haxx Curl 7.49.1 Haxx Curl 7.50.0 Haxx Curl 7.50.1 Haxx Curl 7.50.2 Haxx Curl 7.50.3 Haxx Curl 7.51.0 Haxx Curl 7.52.0 Haxx Curl 7.52.1 Haxx Curl 7.53.0 Haxx Curl 7.53.1 Haxx Curl 7.54.0 Haxx Curl 7.54.1 Haxx Curl 7.55.0 Haxx Curl 7.55.1 Haxx Curl 7.56.0 Haxx Curl 7.56.1 Haxx Curl 7.57.0 Haxx Curl 7.58.0 Haxx Curl 7.59.0 Haxx Curl 7.60.0 Haxx Curl 7.61.0 Haxx Curl 7.61.1 Haxx Curl 7.62.0 Haxx Curl 7.63.0 Haxx Curl 7.64.0 Haxx Curl 7.64.1 Haxx Curl 7.65.0 Haxx Curl 7.65.1 Haxx Curl 7.65.2 Haxx Curl 7.65.3 Haxx Curl 7.66.0 Haxx Curl 7.67.0 Haxx Curl 7.68.0 Haxx Curl 7.69.0 Haxx Curl 7.69.1 Haxx Curl 7.70.0 Haxx Curl 7.71.0 Haxx Curl 7.71.1 Haxx Curl 7.72.0 Haxx Curl 7.73.0 Haxx Curl 7.74.0 Haxx Curl 7.75.0 Haxx Curl 7.76.0 Haxx Curl 7.76.1 Haxx Curl 7.77.0 Haxx Curl 7.78.0 Haxx Curl 7.79.0 Haxx Curl 7.79.1 Haxx Curl 7.80.0 Haxx Curl 7.81.0 Haxx Curl 7.82.0 Haxx Curl 7.83.0 Haxx Curl 7.83.1	113
Application	Netapp Netapp Element Software - Netapp Clustered Data Ontap - Netapp Solidfire - Netapp HCI Management Node -	4
Application	Splunk Splunk Universal Forwarder 9.1.0 Splunk Universal Forwarder 9.0.0 Splunk Universal Forwarder 9.0.1 Splunk Universal Forwarder 9.0.2 Splunk Universal Forwarder 9.0.3 Splunk Universal Forwarder 9.0.4 Splunk Universal Forwarder 9.0.5 Splunk Universal Forwarder 8.2.0 Splunk Universal Forwarder 8.2.6 Splunk Universal Forwarder 8.2.7 Splunk Universal Forwarder 8.2.8 Splunk Universal Forwarder 8.2.9 Splunk Universal Forwarder 8.2.10 Splunk Universal Forwarder 8.2.11	14
OS	Fedoraproject Fedoraproject Fedora 35	1
OS	Debian Debian Debian Linux 10.0 Debian Debian Linux 11.0	2
OS	Netapp Netapp Bootstrap OS - Netapp H300S Firmware - Netapp H500S Firmware - Netapp H700S Firmware - Netapp H410S Firmware -	5
OS	Apple Apple Macos - Apple Macos 1.0 Apple Macos 7.5.3 Apple Macos 7.6 Apple Macos 7.6.1 Apple Macos 8.0 Apple Macos 8.1 Apple Macos 8.5 Apple Macos 8.6 Apple Macos 9 Apple Macos 9.0 Apple Macos 10.15.7 Apple Macos 11.0 Apple Macos 11.0.1 Apple Macos 11.1 Apple Macos 11.1.0 Apple Macos 11.2 Apple Macos 11.2.1 Apple Macos 11.3 Apple Macos 11.3.1 Apple Macos 11.4 Apple Macos 11.5 Apple Macos 11.6 Apple Macos 11.6.1 Apple Macos 11.6.2 Apple Macos 11.6.3 Apple Macos 11.6.5 Apple Macos 11.6.6 Apple Macos 11.6.7 Apple Macos 11.6.8 Apple Macos 11.7 Apple Macos 11.7.1 Apple Macos 11.7.2 Apple Macos 11.7.3 Apple Macos 11.7.5 Apple Macos 11.7.6 Apple Macos 11.7.7 Apple Macos 11.7.9 Apple Macos 12.0 Apple Macos 12.0.0 Apple Macos 12.0.1 Apple Macos 12.1 Apple Macos 12.2 Apple Macos 12.2.1 Apple Macos 12.3 Apple Macos 12.4 Apple Macos 12.5 Apple Macos 12.5.1 Apple Macos 12.6 Apple Macos 12.6.1 Apple Macos 12.6.2 Apple Macos 12.6.3 Apple Macos 12.6.4 Apple Macos 12.6.5 Apple Macos 12.6.6 Apple Macos 12.6.7 Apple Macos 12.6.8 Apple Macos 12.7 Apple Macos 12.7.1 Apple Macos 12.7.2 Apple Macos 12.7.3 Apple Macos 12.7.4 Apple Macos 12.7.5 Apple Macos 12.7.6	77
Hardware	Netapp Netapp HCI Compute Node - Netapp H300S - Netapp H500S - Netapp H700S - Netapp H410S -	5

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.