{"id":"CVE-2022-27775","details":"An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when given an IPv6 address that was in the connection pool but with a different zone id, curl could reuse the pooled connection instead of setting up a new one.","aliases":["CURL-CVE-2022-27775"],"modified":"2026-04-16T04:34:56.675671852Z","published":"2022-06-02T14:15:43.510Z","related":["ALSA-2022:8299","SUSE-SU-2022:1657-1","openSUSE-SU-2024:12028-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202212-01"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220609-0008/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5197"},{"type":"EVIDENCE","url":"https://hackerone.com/reports/1546268"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/curl/curl","events":[{"introduced":"885ce31401b6789c959131754b1e5ae518964072"},{"last_affected":"64db5c575d9c5536bd273a890f50777ad1ca7c13"}],"database_specific":{"versions":[{"introduced":"7.65.0"},{"last_affected":"7.82.0"}]}}],"versions":["curl-7_65_0","curl-7_65_1","curl-7_65_2","curl-7_65_3","curl-7_66_0","curl-7_67_0","curl-7_68_0","curl-7_69_0","curl-7_69_1","curl-7_70_0","curl-7_71_0","curl-7_71_1","curl-7_72_0","curl-7_73_0","curl-7_74_0","curl-7_75_0","curl-7_76_0","curl-7_76_1","curl-7_77_0","curl-7_78_0","curl-7_79_0","curl-7_79_1","curl-7_80_0","curl-7_81_0","curl-7_82_0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"8.2.0"},{"fixed":"8.2.12"}]},{"events":[{"introduced":"9.0.0"},{"fixed":"9.0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"9.1.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-27775.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}