Curl: Vulnerability fixed in Version 7.83.0

IDs: 
CVE-2022-32208, CVE-2022-32207, CVE-2022-32206, CVE-2022-32205
Keywords: 
curl
Description: 

Curl released version 7.83.0 fixing 4 vulnerabilities [1].

No action required for Airlock Gateway

Details:

  • CVE-2022-32208: curl's FTP support can be used to fetch CRLs on Airlock Gateway [2]. The vulnerability is not relevant because krb5 is not used with curl.
  • CVE-2022-32207: Not relevant because curl's cookie handling code is not used.
  • CVE-2022-32206: Not relevant because back-ends are trusted and attackers cannot influence the back-end compression in a way that would trigger this decompression bomb.
  • CVE-2022-32205: Not relevant because curl's cookie handling code is not used. Airlock Gateway further implements limits for its own cookie store to prevent similar attacks.
Resolution: 

No action required

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required