CVE-2022-43552

MEDIUM Year: 2022
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-416
View all →

Vulnerability Description

A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.

Related Vulnerabilities

CVE-2016-7180

MEDIUM
CVSS:5.9(Medium)

epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial o...

CWE-4162016

CVE-2016-9373

MEDIUM
CVSS:5.9(Medium)

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dce...

CWE-4162016

CVE-2017-12133

MEDIUM
CVSS:5.9(Medium)

Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors rela...

CWE-4162017

CVE-2017-15271

MEDIUM
CVSS:5.9(Medium)

A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically rest...

CWE-4162017

CVE-2018-11412

MEDIUM
CVSS:5.9(Medium)

In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stor...

CWE-4162018

CVE-2020-8649

MEDIUM
CVSS:5.9(Medium)

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.

CWE-4162020