{"id":"CURL-CVE-2022-43552","summary":"HTTP Proxy deny use after free","details":"curl can be asked to *tunnel* virtually all protocols it supports through an\nHTTP proxy. HTTP proxies can (and often do) deny such tunnel operations using\nan appropriate HTTP error response code.\n\nWhen getting denied to tunnel the specific protocols SMB or TELNET, curl would\nuse a heap-allocated struct after it had been freed, in its transfer shutdown\ncode path.","aliases":["CVE-2022-43552"],"modified":"2026-04-25T20:38:34.677934Z","published":"2022-12-21T08:00:00Z","database_specific":{"last_affected":"7.86.0","www":"https://curl.se/docs/CVE-2022-43552.html","URL":"https://curl.se/docs/CVE-2022-43552.json","severity":"Low","package":"curl","affects":"both","issue":"https://hackerone.com/reports/1764858","CWE":{"desc":"Use After Free","id":"CWE-416"}},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.16.0"},{"fixed":"7.87.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"b7eeb6e67fca686f840eacd6b8394edb58b07482"},{"fixed":"4f20188ac644afe174be6005ef4f6ffba232b8b2"}]}],"versions":["7.86.0","7.85.0","7.84.0","7.83.1","7.83.0","7.82.0","7.81.0","7.80.0","7.79.1","7.79.0","7.78.0","7.77.0","7.76.1","7.76.0","7.75.0","7.74.0","7.73.0","7.72.0","7.71.1","7.71.0","7.70.0","7.69.1","7.69.0","7.68.0","7.67.0","7.66.0","7.65.3","7.65.2","7.65.1","7.65.0","7.64.1","7.64.0","7.63.0","7.62.0","7.61.1","7.61.0","7.60.0","7.59.0","7.58.0","7.57.0","7.56.1","7.56.0","7.55.1","7.55.0","7.54.1","7.54.0","7.53.1","7.53.0","7.52.1","7.52.0","7.51.0","7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","7.49.0","7.48.0","7.47.1","7.47.0","7.46.0","7.45.0","7.44.0","7.43.0","7.42.1","7.42.0","7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","7.35.0","7.34.0","7.33.0","7.32.0","7.31.0","7.30.0","7.29.0","7.28.1","7.28.0","7.27.0","7.26.0","7.25.0","7.24.0","7.23.1","7.23.0","7.22.0","7.21.7","7.21.6","7.21.5","7.21.4","7.21.3","7.21.2","7.21.1","7.21.0","7.20.1","7.20.0","7.19.7","7.19.6","7.19.5","7.19.4","7.19.3","7.19.2","7.19.1","7.19.0","7.18.2","7.18.1","7.18.0","7.17.1","7.17.0","7.16.4","7.16.3","7.16.2","7.16.1","7.16.0"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2022-43552.json","vanir_signatures_modified":"2026-04-25T20:38:34Z","vanir_signatures":[{"source":"https://github.com/curl/curl.git/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2","digest":{"threshold":0.9,"line_hashes":["255910319663776633146723347545422012614","310683115659480631562881699993426342143","55654600510837387652142868888696446564","195543866172951315888848694761701058819"]},"signature_type":"Line","signature_version":"v1","deprecated":false,"target":{"file":"lib/telnet.c"},"id":"CURL-CVE-2022-43552-5bac7683"},{"source":"https://github.com/curl/curl.git/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2","digest":{"function_hash":"269881842742177138922700110191467716843","length":301},"signature_type":"Function","signature_version":"v1","deprecated":false,"target":{"file":"lib/telnet.c","function":"telnet_done"},"id":"CURL-CVE-2022-43552-734c47d1"},{"source":"https://github.com/curl/curl.git/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2","digest":{"function_hash":"324482409928202624676208668773712558595","length":142},"signature_type":"Function","signature_version":"v1","deprecated":false,"target":{"file":"lib/smb.c","function":"smb_done"},"id":"CURL-CVE-2022-43552-c0f82fb1"},{"source":"https://github.com/curl/curl.git/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2","digest":{"threshold":0.9,"line_hashes":["79245845383887842059170111150717177338","272894884398724475863392793296582376118","262602548261371261756483017864598535748","54157591434576844867646246659486475928","24376568077011132013084976085873337464","146240009638360644226877674232699358767","94607726860251348547706657129253460915","294027388036517437367722219717363273297","159208610928261940810679397309480542979","20135329842539486819551679441832620851","94607726860251348547706657129253460915","294027388036517437367722219717363273297","159208610928261940810679397309480542979","313462002835975427308762376554658091687","76081133246214743551354982893040576234","236092514644782964271248370103954398633","285744276060027907503571933643408254346","13589300331938918222003299168691216675","298029942842338866104175146240673473170","309956725929449851250342332033169538602","20363100702843067235141327614916820771","139529468072276575436906804630677553439","228807606439120635460669763810250046699"]},"signature_type":"Line","signature_version":"v1","deprecated":false,"target":{"file":"lib/smb.c"},"id":"CURL-CVE-2022-43552-e0f6b09b"}]}}],"schema_version":"1.7.5","credits":[{"name":"Trail of Bits","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}