CVE-2022-27781

high Splunk
CVSS v3 Base Score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.1%
Exploitation probability in 30 days
Top 77% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: June 2, 2022 (1441 days ago)
Last Modified: April 16, 2026
Vendor: Splunk
Source: NVD

Description

libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.

CWE

CWE-400

Affected Products

haxx curldebian debian linuxnetapp hci bootstrap osnetapp clustered data ontapnetapp solidfire\, enterprise sds \& hci storage nodenetapp solidfire \& hci management nodenetapp hci compute nodenetapp h300s firmwarenetapp h500s firmwarenetapp h700s firmware

References

🔗 hackerone.com 🔗 lists.debian.org 🔗 security.gentoo.org 🔗 security.netapp.com 🔗 www.debian.org