curl / Mailing Lists / curl-library / Single Mail

Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: CVE-2022-22623

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 17 Mar 2022 11:03:48 +0100 (CET)

On Thu, 17 Mar 2022, Phil Cole via curl-library wrote:

> Doing a search for the CVE pulled up, for me, the Apple page and this one:
> https://www.cybersecurity-help.cz/vdb/SB2022031431. Doesn't really say very
> much other than security restrictions can be bypassed due to an unspecified
> vulnerability in curl.

I find it almost amusing how much detail many sites post about CVE-2022-22623
when all that exists is the mention by Apple and a reserved ID at MITRE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22623

It being reserved doesn't mean much, as there are literally hundreds if not
thousands of such reserved IDs at any one time.

-- 
  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://curl.se/support.html
-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Received on 2022-03-17

This message: [ Message body ]
Next message: Henrik Holst via curl-library: "Re: Fedora and curl-minimal"
Previous message: Phil Cole via curl-library: "Re: CVE-2022-22623"
In reply to: Phil Cole via curl-library: "Re: CVE-2022-22623"
Next in thread: Daniel Stenberg via curl-library: "Re: CVE-2022-22623"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]