ByteOS Network

NVD Vulnerability Details :

CVE-2022-32208

Modified

Source-support@hackerone.com

Published At-07 Jul, 2022 | 13:15

Updated At-05 May, 2025 | 17:18

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

CURL

>>curl>>Versions from 7.16.4(inclusive) to 7.84.0(exclusive)

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Fedora Project

>>fedora>>35

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>10.0

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>11.0

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

NetApp, Inc.

>>clustered_data_ontap>>-

cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

NetApp, Inc.

>>element_software>>-

cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*

NetApp, Inc.

>>hci_management_node>>-

cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*

NetApp, Inc.

>>solidfire>>-

cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

NetApp, Inc.

>>hci_compute_node>>-

cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

NetApp, Inc.

>>bootstrap_os>>-

cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*

NetApp, Inc.

>>h300s>>-

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

NetApp, Inc.

>>h300s_firmware>>-

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

NetApp, Inc.

>>h500s>>-

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

NetApp, Inc.

>>h500s_firmware>>-

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

NetApp, Inc.

>>h700s>>-

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

NetApp, Inc.

>>h700s_firmware>>-

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

NetApp, Inc.

>>h410s_firmware>>-

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

NetApp, Inc.

>>h410s>>-

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Apple Inc.

>>macos>>Versions before 13.0(exclusive)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Splunk LLC (Cisco Systems, Inc.)

>>universal_forwarder>>Versions from 8.2.0(inclusive) to 8.2.12(exclusive)

cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*

Splunk LLC (Cisco Systems, Inc.)

>>universal_forwarder>>Versions from 9.0.0(inclusive) to 9.0.6(exclusive)

cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*

Splunk LLC (Cisco Systems, Inc.)

>>universal_forwarder>>9.1.0

cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-840	Secondary	support@hackerone.com
CWE-787	Primary	nvd@nist.gov

CWE ID: CWE-840

Type: Secondary

Source: support@hackerone.com

CWE ID: CWE-787

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://seclists.org/fulldisclosure/2022/Oct/28	support@hackerone.com	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/41	support@hackerone.com	Mailing List Third Party Advisory
https://hackerone.com/reports/1590071	support@hackerone.com	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html	support@hackerone.com	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/	support@hackerone.com	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202212-01	support@hackerone.com	Third Party Advisory
https://security.netapp.com/advisory/ntap-20220915-0003/	support@hackerone.com	Third Party Advisory
https://support.apple.com/kb/HT213488	support@hackerone.com	Third Party Advisory
https://www.debian.org/security/2022/dsa-5197	support@hackerone.com	Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/28	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/41	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://hackerone.com/reports/1590071	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202212-01	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://security.netapp.com/advisory/ntap-20220915-0003/	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://support.apple.com/kb/HT213488	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.debian.org/security/2022/dsa-5197	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory