When curl < 7.84.0 saves cookies alt-svc and hsts data to local files it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation it might accidentally *widen* the permissions for the target file leaving the updated file accessible to more users than intended. — CVE-2022-32207

Summary

Advisory CVE-2022-32207. When curl < 7.84.0 saves cookies alt-svc and hsts data to local files it makes the operation atomic by finalizing the operation with a… Vendor: Microsoft. Source: MSRC. Threat: critical. CVSS 9.8. See the…

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function. CVE-2022-35409
• A flaw was found in Openstack manilla owning a Ceph File system "share" which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2. CVE-2022-0670
• Heap buffer overflow in finfo_buffer CVE-2022-31627
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2022-2058
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2022-1852
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2022-2056
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2022-2206
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2022-2207
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2022-2057
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2022-2078
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2022-2257
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2022-2208