CVE-2022-27782
7.5 HIGH · libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reu...
Published: 2022-06-02 · Last updated: 2026-05-27
Severity and scoring
- CVSS: 7.5 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- CWE: CWE-295 (Improper Certificate Validation), CWE-840 (Business Logic Errors)
Affected products
| Vendor | Product |
|---|---|
| debian | debian_linux |
| haxx | curl |
| splunk | universal_forwarder |
Description
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.

The practical consequence is that an application which first talks to a host with relaxed settings and then tightens them on the same handle (for example by enabling certificate pinning or SSH host-key checking) can have the second transfer silently served over the earlier, less-verified connection. NVD scores this as an integrity impact only (I:H): the bug itself leaks nothing, but the stricter verification the application asked for is not applied. The fix shipped in curl 7.83.1; on builds that cannot be upgraded, forcing a new connection with CURLOPT_FRESH_CONNECT (or setting CURLOPT_FORBID_REUSE on the earlier transfer) whenever TLS or SSH options change keeps the transfer out of the pool entirely.
Source: NVD
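The match check described above, modelled as an added example (this is not libcurl code, and the option set it compares is a hypothetical subset chosen to show the failure mode, not the exact list from the curl advisory): a pool that compares only part of the TLS configuration and none of the SSH configuration hands a later, stricter transfer a connection that was established without those checks, while a pool that compares the whole configuration opens a fresh connection instead. Host names and fingerprints are constructed values.

```python
"""Model of the connection-pool match check behind CVE-2022-27782.

Added illustration, not libcurl code. The TLS/SSH fields compared here are a
hypothetical subset chosen to show the failure mode, not the advisory's list.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class TlsConfig:
    verify_peer: bool = True
    verify_host: bool = True
    cacert: Optional[str] = None
    pinned_pubkey: Optional[str] = None   # e.g. "sha256//..." (hypothetical field)
    ssl_version: str = "default"


@dataclass(frozen=True)
class SshConfig:
    known_hosts: Optional[str] = None
    host_key_sha256: Optional[str] = None  # hypothetical field
    auth_types: str = "any"


@dataclass(frozen=True)
class TransferSetup:
    scheme: str
    host: str
    port: int
    tls: TlsConfig = field(default_factory=TlsConfig)
    ssh: SshConfig = field(default_factory=SshConfig)


@dataclass
class Connection:
    setup: TransferSetup  # configuration the connection was *established* with
    conn_id: int


class ConnectionPool:
    """strict=False reproduces the too-eager match; strict=True the fixed one."""

    def __init__(self, strict: bool) -> None:
        self.strict = strict
        self._conns: list[Connection] = []

    def _matches(self, cached: TransferSetup, wanted: TransferSetup) -> bool:
        if (cached.scheme, cached.host, cached.port) != (wanted.scheme, wanted.host, wanted.port):
            return False
        if not self.strict:
            # Vulnerable: only a subset of the TLS options is compared and no SSH
            # option at all, so a later transfer that enabled pinning or host-key
            # checking is handed a connection that was set up without them.
            return (cached.tls.verify_peer == wanted.tls.verify_peer
                    and cached.tls.cacert == wanted.tls.cacert)
        # Fixed: the whole TLS and SSH configuration must match.
        return cached.tls == wanted.tls and cached.ssh == wanted.ssh

    def get(self, wanted: TransferSetup) -> tuple[Connection, bool]:
        """Return (connection, reused)."""
        for conn in self._conns:
            if self._matches(conn.setup, wanted):
                return conn, True
        conn = Connection(wanted, conn_id=len(self._conns) + 1)
        self._conns.append(conn)
        return conn, False


def pinning_bypassed(strict: bool) -> bool:
    """Two HTTPS transfers to one host: first without pinning, then with it.
    True if the pinned transfer is served by the unpinned connection."""
    pool = ConnectionPool(strict=strict)
    first = TransferSetup("https", "example.com", 443)
    second = TransferSetup("https", "example.com", 443,
                           tls=TlsConfig(pinned_pubkey="sha256//AAAA"))  # constructed
    pool.get(first)
    conn, reused = pool.get(second)
    return reused and conn.setup.tls.pinned_pubkey is None


def ssh_hostkey_check_skipped(strict: bool) -> bool:
    """Same pattern over SFTP with an SSH host-key fingerprint added later."""
    pool = ConnectionPool(strict=strict)
    first = TransferSetup("sftp", "example.com", 22)
    second = TransferSetup("sftp", "example.com", 22,
                           ssh=SshConfig(host_key_sha256="BBBB"))  # constructed
    pool.get(first)
    conn, reused = pool.get(second)
    return reused and conn.setup.ssh.host_key_sha256 is None


if __name__ == "__main__":
    print("vulnerable pool bypasses pinning:", pinning_bypassed(strict=False))
    print("fixed pool bypasses pinning:    ", pinning_bypassed(strict=True))
```

The general lesson is that any connection cache must key on every parameter that influenced how the connection was authenticated, not just on scheme, host and port; when in doubt about what a library compares, disable reuse for the transfer whose verification settings differ.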
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2022-27782
- [Other] http://www.openwall.com/lists/oss-security/2023/03/20/6
- [Exploit reference] https://hackerone.com/reports/1555796
- [Other] https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
- [Other] https://security.gentoo.org/glsa/202212-01
- [Other] https://security.netapp.com/advisory/ntap-20220609-0009/
- [Other] https://www.debian.org/security/2022/dsa-5197
Related CVEs
Same vendor
- CVE-2026-49975 — Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)
- CVE-2026-20240 — In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9... (6.5 MEDIUM)
- CVE-2026-20239 — In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, ... (7.5 HIGH)
- CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidentia... (6.5 MEDIUM)
- CVE-2026-31431 — In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly r... (7.8 HIGH)
Same CWE
- CVE-2026-53475 — A flaw was found in assisted-migration-agent (9.3 CRITICAL)
- CVE-2026-9758 — Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered tru... (7.3 HIGH)
- CVE-2026-41714 — Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also calling setUseSSL(... (4.0 MEDIUM)
- CVE-2026-42769 — Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (... (5.3 MEDIUM)
- CVE-2026-41973 — Permission control vulnerability in calls (5.9 MEDIUM)