CVE-2022-27781: libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be...
7.5
Miggo AI
Root Cause Analysis
The vulnerability CVE-2022-27781 describes a busy-loop in libcurl when built with NSS and the `CURLOPT_CERTINFO` option is used. A malicious server can cause this loop when libcurl tries to retrieve certificate chain information. The provided commit `5c7da89d404bf59` directly addresses this issue. The patch modifies the `display_conn_info` function in `lib/vtls/nss.c`. Specifically, it adds a counter within a `while` loop that iterates through certificates (`while(cert2)`). If the number of certificates exceeds a predefined limit (`TOO_MANY_CERTS`), the function now returns an error. This clearly indicates that the `while` loop within `display_conn_info` was the site of the infinite loop vulnerability. The function `display_conn_info` is called when `CURLOPT_CERTINFO` is enabled and is responsible for processing the certificate information from the NSS library.
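The bounded walk described above can be modelled in a few lines of C. This is an added example, not libcurl's or NSS's code: `struct cert`, `count_chain` and the demo functions are hypothetical, the limit value is assumed, and the cyclic chain is a constructed input standing in for a chain that never reaches a root.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a parsed certificate; not the NSS type. */
struct cert {
  const char *subject;
  const struct cert *issuer; /* models an issuer lookup; NULL if none found */
  int is_root;
};

/* Assumed value for this example; the page does not state the real limit. */
#define TOO_MANY_CERTS 16

/* Walk from the leaf toward a root. Returns the number of certificates
   seen, or -1 once the counter reaches the cap. Without the counter, a
   chain that never reaches a root keeps this loop spinning forever. */
static int count_chain(const struct cert *leaf)
{
  int count;
  const struct cert *cur;
  if(!leaf)
    return 0;
  count = 1;
  cur = leaf->issuer;
  while(cur) {
    count++;
    if(count >= TOO_MANY_CERTS)
      return -1;            /* report an error instead of looping */
    if(cur->is_root)
      break;
    cur = cur->issuer;
  }
  return count;
}

/* Constructed input: leaf -> intermediate -> root. */
static int demo_good_chain(void)
{
  struct cert root = { "root", NULL, 1 };
  struct cert mid = { "intermediate", &root, 0 };
  struct cert leaf = { "leaf", &mid, 0 };
  return count_chain(&leaf);
}

/* Constructed input: A and B name each other as issuer, neither is a root. */
static int demo_cyclic_chain(void)
{
  struct cert a = { "A", NULL, 0 };
  struct cert b = { "B", &a, 0 };
  a.issuer = &b;
  return count_chain(&a);
}

int main(void)
{
  printf("good=%d cyclic=%d\n", demo_good_chain(), demo_cyclic_chain());
  return 0;
}
```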