How serious is CVE-2022-43551?

This vulnerability has a CVSS score of 7.5 out of 10, classified as HIGH severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2022-43551?

Yes, proof-of-concept exploit code for CVE-2022-43551 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2022-43551?

CVE-2022-43551 affects haxx curl. Check the full CVE details for specific version information.

How do I fix CVE-2022-43551?

To remediate CVE-2022-43551, check for security patches from haxx. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2022-43551

High

|7.5

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

An attacker can trick curl into using an insecure HTTP connection instead of the intended secure HTTPS by manipulating the URL with special characters that confuse the software's security checks. This vulnerability occurs when the URL contains IDN characters that are converted to ASCII, allowing the attacker to bypass the HSTS protection that should enforce secure connections.

Technical Description

A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactNone

Availability ImpactNone

ScopeUnchanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$2,053($1K-$5K)

Vendor Response

Grade FPatched in 1148 days

Quick Information

Published

Dec 23, 2022

about 3 years ago

Last Modified

Feb 13, 2026

7 days ago

Vendor

haxx

Product

curl

Related Vulnerabilities

CVE-2023-28322Low

This vulnerability allows an attacker to potentially send incorrect data during an HTTP POST request if the same connection handle was previously used for a PUT request, which could lead to unexpected application behavior. It mainly affects applications that reuse connection handles without properly resetting them, making it important for developers to be cautious when switching between different types of requests.

CVE-2023-27533High

An attacker can exploit a vulnerability in curl to send malicious commands during TELNET communication, potentially allowing them to execute arbitrary code on the system. This can happen if an application using curl accepts user input without properly checking it, making it particularly risky for applications that rely on user-provided data.

CVE-2023-23915Medium

This vulnerability allows an attacker to potentially intercept sensitive information during data transfers because the curl tool may fail to upgrade certain HTTP requests to secure HTTPS when multiple requests are made at the same time. This issue occurs only when using curl versions prior to 7.88.0 and can lead to unprotected data being sent over the internet instead of the intended secure connection.

CVE-2022-32221Critical

This vulnerability allows an attacker to manipulate data sent in a POST request by exploiting a flaw in how the curl library handles reused connections, potentially leading to the wrong data being sent or causing the application to crash. It occurs when a connection that was previously used for a PUT request is reused for a POST request without properly resetting the data handling, which could happen in applications that frequently switch between these types of requests.

CVE-2022-42916High

This vulnerability allows an attacker to trick curl into using an insecure HTTP connection instead of the intended secure HTTPS connection by manipulating the URL with special characters. This can happen when the URL includes international domain names that get converted to ASCII, making it possible for the attacker to bypass security checks designed to enforce HTTPS.