Sign In

CVE-2022-27781

ADVISORY - nist

Summary

libcurl provides the CURLOPT_CERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.

EPSS Score: 0.00077 (0.230)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-400

Uncontrolled Resource Consumption

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

ADVISORY - redhat

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in