CVE-2022-32208

ADVISORY - nist

Summary

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.

EPSS Score⁠: 0.00305 (0.533)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-787⁠

Out-of-bounds Write

CWE-840⁠

Business Logic Errors

ADVISORY - redhat

CWE-924⁠

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.