7.5
CVE-2022-27781
- EPSS 0.05%
- Published 02.06.2022 14:15:44
- Last modified 21.11.2024 06:56:10
- Source support@hackerone.com
- Teams watchlist Login
- Open Login
libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
Data is provided by the National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version10.0
Debian ≫ Debian Linux Version11.0
Netapp ≫ Hci Bootstrap Os Version-
Netapp ≫ Clustered Data Ontap Version-
Netapp ≫ Solidfire & Hci Management Node Version-
Netapp ≫ Hci Compute Node Version-
Netapp ≫ H300s Firmware Version-
Netapp ≫ H500s Firmware Version-
Netapp ≫ H700s Firmware Version-
Netapp ≫ H410s Firmware Version-
Splunk ≫ Universal Forwarder Version >= 8.2.0 < 8.2.12
Splunk ≫ Universal Forwarder Version >= 9.0.0 < 9.0.6
Splunk ≫ Universal Forwarder Version9.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.169 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.