CVE-2022-27781 Information
Jun 07, 2022
cve
Description
libcurl provides the CURLOPT_CERTINFO option to allow applications to request details to be returned about a server’s certificate chain. Due to an erroneous function a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
Reference
https://hackerone.com/reports/1555441