{"id":"CURL-CVE-2022-42915","summary":"HTTP proxy double free","details":"If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it\nsets up the connection to the remote server by issuing a `CONNECT` request to\nthe proxy, and then *tunnels* the rest of the protocol through.\n\nAn HTTP proxy might refuse this request (HTTP proxies often only allow\noutgoing connections to specific port numbers, like 443 for HTTPS) and instead\nreturn a non-200 response code to the client.\n\nDue to flaws in the error/cleanup handling, this could trigger a double free\nin curl if one of the following schemes were used in the URL for the transfer:\n`dict`, `gopher`, `gophers`, `ldap`, `ldaps`, `rtmp`, `rtmps`, `telnet`","aliases":["CVE-2022-42915"],"modified":"2026-04-25T20:38:35.622620Z","published":"2022-10-26T08:00:00Z","database_specific":{"CWE":{"desc":"Double Free","id":"CWE-415"},"issue":"https://hackerone.com/reports/1722065","package":"curl","affects":"both","URL":"https://curl.se/docs/CVE-2022-42915.json","severity":"Medium","last_affected":"7.85.0","www":"https://curl.se/docs/CVE-2022-42915.html"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.77.0"},{"fixed":"7.86.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"51c0ebcff2140c38ff389b4fcfb8216f5e9d198c"},{"fixed":"55e1875729f9d9fc7315cec611bffbd2c817ad89"}]}],"versions":["7.85.0","7.84.0","7.83.1","7.83.0","7.82.0","7.81.0","7.80.0","7.79.1","7.79.0","7.78.0","7.77.0"],"database_specific":{"vanir_signatures_modified":"2026-04-25T20:38:35Z","source":"https://curl.se/docs/CURL-CVE-2022-42915.json","vanir_signatures":[{"signature_type":"Function","deprecated":false,"source":"https://github.com/curl/curl.git/commit/55e1875729f9d9fc7315cec611bffbd2c817ad89","target":{"file":"lib/http_proxy.c","function":"Curl_connect_done"},"id":"CURL-CVE-2022-42915-125b418e","digest":{"length":527,"function_hash":"226327460246653662448846497491134006111"},"signature_version":"v1"},{"signature_type":"Line","deprecated":false,"source":"https://github.com/curl/curl.git/commit/55e1875729f9d9fc7315cec611bffbd2c817ad89","target":{"file":"lib/http_proxy.c"},"id":"CURL-CVE-2022-42915-4867a104","digest":{"threshold":0.9,"line_hashes":["158114886868495798877842790766691572542","195448685393579191228496467267246686233","246750523063631361536564476188353539776","169418111843831679451902028233861237306","73888404607694589852488371095615032425","99856035058228946158526628147305821260"]},"signature_version":"v1"},{"signature_type":"Line","deprecated":false,"source":"https://github.com/curl/curl.git/commit/55e1875729f9d9fc7315cec611bffbd2c817ad89","target":{"file":"lib/url.c"},"id":"CURL-CVE-2022-42915-5556bf4b","digest":{"threshold":0.9,"line_hashes":["177451911580205599819902892399272658207","18979437576756851400481743608790032006","112987992078600650018122635257174512225","303360216041138442537420461957947444844","233777828321737175190480280607811020604","291915020736212175739033698376692060999","307551408548938766528468341014658816741","98704575424883992364110184880973667721","234872535971063404315657861979358401871"]},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"source":"https://github.com/curl/curl.git/commit/55e1875729f9d9fc7315cec611bffbd2c817ad89","target":{"file":"lib/url.c","function":"conn_shutdown"},"id":"CURL-CVE-2022-42915-6a6ae19d","digest":{"length":955,"function_hash":"187535491448722630308343232603697012508"},"signature_version":"v1"}]}}],"schema_version":"1.7.5","credits":[{"name":"Trail of Bits","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}