CURL-CVE-2022-27780

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2022-27780.html

Import Source

https://curl.se/docs/CURL-CVE-2022-27780.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2022-27780

Aliases

CVE-2022-27780

Published

2022-05-11T08:00:00Z

Modified

2024-06-07T13:53:51Z

Summary

percent-encoded path separator in URL host

Details

The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the hostname part of a URL, making it a different URL using the wrong hostname when it is later retrieved.

For example, a URL like http://example.com%2F10.0.0.1/, would be allowed by the parser and get transposed into http://example.com/10.0.0.1/. This flaw can be used to circumvent filters, checks and more.

References

Credits

- Axel Chong - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.80.0

Fixed

7.83.1

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

9a8564a920188e49d5bd8c1c8573ddef97f6e03a

Fixed

914aaab9153764ef8fa4178215b8ad89d3ac263a

Affected versions

7.*

7.80.0

7.81.0

7.82.0

7.83.0