What is CVE-2022-27780?

CVE-2022-27780 is a vulnerability in Https://github.com/curl/curl, classified under CWE-177. Published 2022-06-01.

Is CVE-2022-27780 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Https://github.com/curl/curl

CVE-2022-27780

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.c…

EPSS: 0.002 (40.2th percentile) — read the EPSS interpretation.

Affected products

N/a Https://github.com/curl/curl — versions Fixed in 7.83.1

Weakness classification (CWE)

CWE-177

Public proof-of-concept exploits

ARPSyndicate/cvemon
fokypoky/places-list

References

hackerone.com/reports/1553841
security.netapp.com/advisory/ntap-20220609-0009/
GLSA-202212-01 (vendor-advisory)

Frequently asked questions

What is CVE-2022-27780?: CVE-2022-27780 is a vulnerability in Https://github.com/curl/curl, classified under CWE-177. Published 2022-06-01.
Is CVE-2022-27780 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.