Homepage
About Snyk

Loop with Unreachable Exit Condition ('Infinite Loop') Affecting curl package, versions <7.83.1-r0

0.0
high

Snyk CVSS

    Attack Complexity Low
    Availability High

    Threat Intelligence

    EPSS 0.19% (56th percentile)
Expand this section
NVD
7.5 high
Expand this section
SUSE
3.7 low
Expand this section
Red Hat
7.5 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-ALPINE316-CURL-2842206
  • published 24 May 2022
  • disclosed 2 Jun 2022
Report a new vulnerability Found a mistake?

Introduced: 24 May 2022

CVE-2022-27781 Open this link in a new tab
CWE-835 Open this link in a new tab

How to fix?

Upgrade Alpine:3.16 curl to version 7.83.1-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Alpine. See How to fix? for Alpine:3.16 relevant fixed versions and status.

libcurl provides the CURLOPT_CERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.