CVE-2022-27781: libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be...

CVSS Score: 7.5 (version 3.1)

Basic Information

EPSS Score: 0.19909%
Published: 6/3/2022
Updated: 4/7/2024
KEV Status: No
Technology: -

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Intelligence

Root Cause Analysis

CVE-2022-27781 is a busy-loop in libcurl that occurs when libcurl is built with NSS and the `CURLOPT_CERTINFO` option is used. A malicious server can trigger the loop when libcurl tries to retrieve certificate chain information. Commit 5c7da89d404bf59 addresses the issue by modifying the `display_conn_info` function in `lib/vtls/nss.c`: it adds a counter to the `while(cert2)` loop that iterates through certificates, and the function now returns an error if the number of certificates exceeds a predefined limit (`TOO_MANY_CERTS`). This indicates that the `while` loop in `display_conn_info` was the site of the infinite loop. `display_conn_info` is called when `CURLOPT_CERTINFO` is enabled and is responsible for processing the certificate information from the NSS library.
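The bounded chain walk described above, as an added example in C that is not libcurl's or NSS's code. The `struct cert` model, `count_chain`, the demo functions and the value of `MAX_CHAIN_DEPTH` (standing in for `TOO_MANY_CERTS`, whose value the page does not give) are assumptions, and the cyclic chain is a constructed input used only to exercise the cap.

```c
#include <stdio.h>
/* Simplified stand-in for a certificate; not the NSS or libcurl types. */
struct cert {
  int is_root;                /* a root ends the walk */
  const struct cert *issuer;  /* stand-in for the result of an issuer lookup */
};

#define MAX_CHAIN_DEPTH 16    /* constructed limit; plays the role of TOO_MANY_CERTS */
#define WALK_TOO_MANY_CERTS (-1)

/* Count certificates from the leaf up to a root. Returns the count, or
 * WALK_TOO_MANY_CERTS when the cap is hit. Without the counter, issuer
 * links that never reach a root or NULL keep the loop spinning forever. */
int count_chain(const struct cert *leaf)
{
  int n = 0;
  const struct cert *c = leaf;
  while(c) {
    if(++n > MAX_CHAIN_DEPTH)
      return WALK_TOO_MANY_CERTS;
    if(c->is_root)
      break;
    c = c->issuer;
  }
  return n;
}

/* Constructed input: leaf -> intermediate -> root. */
int demo_normal_chain(void)
{
  struct cert root = { 1, NULL };
  struct cert mid = { 0, &root };
  struct cert leaf = { 0, &mid };
  return count_chain(&leaf);
}

/* Constructed input: two non-root certificates that name each other as issuer. */
int demo_cyclic_chain(void)
{
  struct cert a = { 0, NULL };
  struct cert b = { 0, &a };
  struct cert leaf = { 0, &b };
  a.issuer = &b;
  return count_chain(&leaf);
}

int main(void)
{
  printf("normal: %d, cyclic: %d\n", demo_normal_chain(), demo_cyclic_chain());
}
```

A caller should treat the error return as a failed handshake rather than continuing with partial certificate information.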
