{"id":"CVE-2022-27775","details":"An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.","aliases":["CURL-CVE-2022-27775"],"modified":"2026-07-08T06:00:59.923156945Z","published":"2022-06-01T00:00:00Z","related":["ALSA-2022:8299","SUSE-SU-2022:1657-1","openSUSE-SU-2024:12028-1"],"database_specific":{"cwe_ids":["CWE-200"],"unresolved_ranges":[{"extracted_events":[{"introduced":"curl 7.65.0 to 7.82.0 are vulnerable"},{"last_affected":"curl 7.65.0 to 7.82.0 are vulnerable"}],"source":"AFFECTED_FIELD"}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/27xxx/CVE-2022-27775.json","cna_assigner":"hackerone"},"references":[{"type":"WEB","url":"https://hackerone.com/reports/1546268"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/27xxx/CVE-2022-27775.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27775"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202212-01"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220609-0008/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5197"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/curl/curl","events":[{"introduced":"885ce31401b6789c959131754b1e5ae518964072"},{"last_affected":"64db5c575d9c5536bd273a890f50777ad1ca7c13"}],"database_specific":{"extracted_events":[{"introduced":"7.65.0"},{"last_affected":"7.82.0"}],"cpe":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","source":"CPE_RANGE"}}],"versions":["curl-7_82_0","curl-7_81_0","curl-7_80_0","curl-7_79_1","curl-7_79_0","curl-7_78_0","curl-7_77_0","curl-7_76_1","curl-7_76_0","curl-7_75_0","curl-7_74_0","curl-7_73_0","curl-7_72_0","curl-7_71_1","curl-7_71_0","curl-7_70_0","curl-7_69_1","curl-7_69_0","curl-7_68_0","curl-7_67_0","curl-7_66_0","curl-7_65_3","curl-7_65_2","curl-7_65_1","curl-7_65_0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-27775.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}