CVE-2022-22576
Publication date 27 April 2022
Last updated 25 August 2025
Ubuntu priority
Description
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| curl | 22.04 LTS jammy |
Fixed 7.81.0-1ubuntu1.1
|
| 20.04 LTS focal |
Fixed 7.68.0-1ubuntu2.10
|
|
| 18.04 LTS bionic |
Fixed 7.58.0-2ubuntu3.17
|
|
| 16.04 LTS xenial | Ignored not-in-code | |
| 14.04 LTS trusty | Ignored not-in-code |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.1 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-5397-1
- curl vulnerabilities
- 28 April 2022