CVE-2022-43551: Buffer Overflow

Published Dec 12, 2022
·
Updated

A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) .. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.

Other sources

A vulnerability was found in curl. The issue can occur when curl's HSTS check is bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when providing HTTP in the URL. Suppose the hostname in the given URL first uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion. In that case, it can bypass the HSTS mechanism using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E). Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the information, IDN encoded but looked for it as IDN decoded.

AMD. A buffer overflow issue was addressed with improved memory handling.

Apple

AMD. The issue was addressed with improved bounds checks.

Apple

App Store. A privacy issue was addressed with improved private data redaction for log entries.

Apple

Apple Neural Engine. This issue was addressed with improved checks.

Apple

Credit

CVE-2022-43551, CVE-2022-43552, ABC Research s.r.o., Mohamed Ghannam@@_simo36, Wojciech Reguła@@_r3ggi(SecuRing), Mickey Jin@@patch1t, Adam M., Brandon Dalton@@partyD0lphin(Red Canary), Chan Shue Long(Offensive Security), (Offensive Security), Csaba Fitzl@@theevilbit(Offensive Security), Rıza Sabuncu@@rizasabuncu, Yiğit Can YILMAZ@@yilmazcanyigit, JeongOhKyea, Tingting Yin(Tsinghua University), Junoh Lee at Theori, Aleksandar Nikolic(Cisco Talos), Mikko Kenttälä )@@Turmio_(SensorFu), Joshua Jones, Ye Zhang@@VAR10CK(Baidu Security), an anonymous researcher, Jubaer Alnazi(TRS Group of Companies), jzhu(Trend Micro Zero Day Initiative), Meysam Firouzi@@R00tkitSMM(Mbition Mercedes), ryuzaki, Murray Mike, Pan ZhenPeng@@Peterpan0927(STAR Labs SG Pte), Arsenii Kostromin (0x3c3e), Félix Poulin-Bélanger, David Pan Ogea, Xinru Chi(Pangu Lab), Ned Williamson(Google Project Zero), Adam Doupé(ASU SEFCOM), sqrtpwn, an anonymous researcher(Red Canary), Milan Tenk(F), (F), Arthur Valiev(F), Zweig(Kunlun Lab), Zhuowei Zhang, developStorm, Khiem Tran, Mickey Jin@@patch1t(FFRI Security Inc), Koh M. Nakagawa(FFRI Security Inc), Masahiro Kawada@@kawakatz(GMO Cybersecurity by Ierae), Jubaer Alnazi Jabin(TRS Group Of Companies), (Alibaba Group), Wenchao Li(Alibaba Group), Xiaolong Bai(Alibaba Group), Guilherme Rambo(Best Buddy Apps), Xin Huang@@11iaxH, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, Gertjan Franken(imec), KU Leuven, hazbinhotel(Trend Micro Zero Day Initiative), Georgy Kucherin@@kucher1n(Kaspersky), Leonid Bezvershenko@@bzvr_(Kaspersky), Boris Larin@@oct0xor(Kaspersky), (Kaspersky), Valentin Pashkov(Kaspersky), Anonymous(Trend Micro Zero Day Initiative), Dohyun Lee@@l33d0hyun(SSD Labs), crixer@@pwning_me(SSD Labs)

Affected Software

16 affected componentsFixes available
redhat/jbcs-httpd24-curl<0:8.0.1-1.el8
0:8.0.1-1.el8
redhat/jbcs-httpd24-curl<0:8.0.1-1.el7
0:8.0.1-1.el7
redhat/curl<7.87.0
7.87.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Apple macOS Ventura<13.3
13.3
haxx curl>=7.77.0<7.87.0
Fedoraproject Fedora=37
NetApp Active Iq Unified Manager Vmware Vsphere
NetApp Active Iq Unified Manager Windows
NetApp OnCommand Insight
NetApp OnCommand Workflow Automation
NetApp Snapcenter
Splunk Universal Forwarder>=8.2.0<8.2.12
Splunk Universal Forwarder>=9.0.0<9.0.6
Splunk Universal Forwarder=9.1.0

Event History

Dec 21, 2022
CVE Published
12:00 AM
Dec 23, 2022
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
DescriptionWeakness
Mar 27, 2023
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2022-43551?

The severity of CVE-2022-43551 is high.

2

How does the vulnerability in CVE-2022-43551 occur?

The vulnerability in CVE-2022-43551 occurs when curl's HSTS check is bypassed.

3

Which software versions are affected by CVE-2022-43551?

The affected software versions are Apple macOS Ventura up to version 13.3, curl up to version 7.87.0, jbcs-httpd24-curl up to version 0:8.0.1-1.el8, and jbcs-httpd24-curl up to version 0:8.0.1-1.el7.

4

How can I fix CVE-2022-43551?

To fix CVE-2022-43551, update curl to version 7.87.0 or higher.

5

Where can I find more information about CVE-2022-43551?

You can find more information about CVE-2022-43551 at the following references: [Link 1](https://curl.se/docs/CVE-2022-43551.html), [Link 2](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2155433), [Link 3](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2155434).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203