VDB
DEBIAN-CVE-2022-22576
DEBIAN-CVE-2022-22576
PUBLISHED
CVSS 8.100000381469727 HIGH
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | curl | 0, 0, 0 |
| Debian:14 | curl | 0, 0, 0 |
| Debian:13 | curl | 0, 0, 0 |
| Debian:11 | curl | 0, 7.74.0-1.3, 7.74.0-1.3+deb11u1 |
Exploit Intelligence
- glcve_test.go (github-poc)
Timeline
- May 26, 2022 CVE Published
- Apr 28, 2026 CVE Updated