CVE-2022-27778 — HIGH (8.1)

Q: What is CVE-2022-27778?

CVE-2022-27778 is a vulnerability with a CVSS score of 8.1 (HIGH). A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.

Q: How severe is CVE-2022-27778?

CVE-2022-27778 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-27778?

Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl, Netapp Active Iq Unified Manager, Netapp Clustered Data Ontap, Netapp Oncommand Insight, Netapp Oncommand Workflow Automation.

Vulnerability Description

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Haxx	Curl	7.83.0
Netapp	Active Iq Unified Manager	-
Netapp	Clustered Data Ontap	-
Netapp	Oncommand Insight	-
Netapp	Oncommand Workflow Automation	-
Netapp	Snapcenter	-
Netapp	Solidfire \& Hci Management Node	-
Netapp	H300S Firmware	-
Netapp	H300S	-
Netapp	Bh500S Firmware	-
Netapp	H500S	-
Netapp	H700S Firmware	-
Netapp	H700S	-
Netapp	H410S Firmware	-
Netapp	H410S	-
Netapp	Hci Compute Node Firmware	-
Netapp	Hci Compute Node	-
Oracle	Mysql Server	<= 5.7.38
Splunk	Universal Forwarder	>= 8.2.0, < 8.2.12

Related Weaknesses (CWE)

CWE-706

References

https://hackerone.com/reports/1553598ExploitThird Party Advisory
https://security.netapp.com/advisory/ntap-20220609-0009/Third Party Advisory
https://security.netapp.com/advisory/ntap-20220729-0004/Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.htmlPatchThird Party Advisory
https://hackerone.com/reports/1553598ExploitThird Party Advisory
https://security.netapp.com/advisory/ntap-20220609-0009/Third Party Advisory
https://security.netapp.com/advisory/ntap-20220729-0004/Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.htmlPatchThird Party Advisory

FAQ

What is CVE-2022-27778?

CVE-2022-27778 is a vulnerability with a CVSS score of 8.1 (HIGH). A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.

How severe is CVE-2022-27778?

CVE-2022-27778 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-27778?

Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl, Netapp Active Iq Unified Manager, Netapp Clustered Data Ontap, Netapp Oncommand Insight, Netapp Oncommand Workflow Automation.