CVE-2022-32207

9.8 CRITICAL

📋 TL;DR

CVE-2022-32207 is a privilege escalation vulnerability in curl versions before 7.84.0 in which a file-permission widening occurs during curl's atomic file save. When curl saves cookie, alt-svc, or HSTS data to local files, the resulting file may end up readable by more users than intended. This affects any system running a vulnerable curl version that persists these kinds of data to disk.

💻 Affected Systems

Products:
  • curl
Versions: All versions < 7.84.0
Operating Systems: Linux, Unix-like systems, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects curl when it saves cookie, alt-svc, or HSTS data to files. Systems that use curl only for transient transfers, without persisting such data, are not affected.

📦 What is this software?

Curl by Haxx

curl is a command-line tool and library for transferring data with URLs. It supports numerous protocols including HTTP, HTTPS, FTP, and more, making it essential for API testing, web scraping, and automated data transfers.


macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Sensitive authentication cookies, HSTS policies, or alt-svc configurations could be exposed to unauthorized users, potentially enabling session hijacking, credential theft, or man-in-the-middle attacks.

🟠 Likely Case

Local users on multi-user systems could access other users' curl session data, potentially compromising privacy and enabling limited privilege escalation.

🟢 If Mitigated

With proper file system permissions and user isolation, impact is limited to potential information disclosure within controlled environments.

🌐 Internet-Facing: LOW - This is primarily a local file system vulnerability requiring local access to exploit.
🏢 Internal Only: MEDIUM - Multi-user systems with vulnerable curl versions could experience information disclosure between users.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system. Proof-of-concept code is available in public disclosures.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: curl 7.84.0 and later

Vendor Advisory: https://curl.se/docs/CVE-2022-32207.html

Restart Required: No

Instructions:

1. Update curl to version 7.84.0 or later using your system's package manager.
2. For Linux: use 'sudo apt update && sudo apt upgrade curl' (Debian/Ubuntu) or 'sudo yum update curl' (RHEL/CentOS).
3. For Windows: download the latest version from curl.se.
4. For macOS: use 'brew upgrade curl' or download from curl.se.

🔧 Temporary Workarounds

Disable file persistence (all platforms)

Prevent curl from saving cookie, alt-svc, or HSTS data to files:

curl --no-cookies
curl --no-alt-svc
curl --no-hsts

Use secure directories (Linux)

Configure curl to save files only to directories with strict permissions:

mkdir -p ~/.secure_curl
chmod 700 ~/.secure_curl
export CURL_HOME=~/.secure_curl

🧯 If You Can't Patch

  • Implement strict file system permissions and user isolation on multi-user systems
  • Monitor for unauthorized access to curl configuration and data files

🔍 How to Verify

Check if Vulnerable:

Check the curl version with 'curl --version' and confirm whether it is below 7.84.0.

Check Version:

curl --version | head -1

Verify Fix Applied:

Run 'curl --version' and confirm the version is 7.84.0 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file permission changes in curl data directories
  • Multiple users accessing same curl configuration files

Network Indicators:

  • None - this is a local file system vulnerability

SIEM Query:

File modification events in curl data directories that include permission changes (e.g., under /home/*/.curl or /tmp/curl*).
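The two checks above ("How to Verify" and the file-permission indicators under "Detection & Monitoring") can be scripted. The following POSIX shell is an added example written for this page, not code from the advisory or from the curl project: it parses the version out of a `curl --version` banner and compares it against the 7.84.0 fix release named in the advisory, and it audits the files curl persists (the cookie jar given with -c/-b, the --alt-svc file, the --hsts file) for the symptom this bug produces, namely group- or world-readable permissions. The function names and the sample banner strings are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the advisory or of the curl project.
# (1) Is the curl version reported by `curl --version` below the fixed
#     release 7.84.0 named in the advisory?
# (2) Are the files curl persists (cookie jar, alt-svc cache, HSTS cache)
#     readable by group or others, which is the symptom of this bug?

FIXED_VERSION="7.84.0"   # first fixed release per the advisory

# Return 0 (true) when dotted version $1 is strictly lower than $2.
# Missing components count as 0, so "7.84" equals "7.84.0".
version_lt() {
    v1=$1
    v2=$2
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        p1=${v1%%.*}
        p2=${v2%%.*}
        if [ "$v1" = "$p1" ]; then v1=""; else v1=${v1#*.}; fi
        if [ "$v2" = "$p2" ]; then v2=""; else v2=${v2#*.}; fi
        if [ "${p1:-0}" -lt "${p2:-0}" ]; then return 0; fi
        if [ "${p1:-0}" -gt "${p2:-0}" ]; then return 1; fi
    done
    return 1
}

# Extract the version number from the first line of `curl --version`
# output, e.g. "curl 7.83.1 (x86_64-pc-linux-gnu) libcurl/7.83.1 ..." -> 7.83.1.
# Suffixes such as "-DEV" are dropped so the numeric comparison works.
curl_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^curl \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 when the banner's version is below FIXED_VERSION, 1 otherwise
# (also 1 when no version could be parsed from the banner).
curl_banner_vulnerable() {
    v=$(curl_version_from_banner "$1")
    [ -n "$v" ] && version_lt "$v" "$FIXED_VERSION"
}

# Return 0 when the file grants read permission to group or others.
# Uses the mode string from `ls -ld` because `stat` has no portable format flag:
# column 5 is the group read bit, column 8 the other read bit.
file_is_group_or_world_readable() {
    [ -e "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ????r*|???????r*) return 0 ;;
    esac
    return 1
}

# Audit every path given; print a warning per loose file and return 0 only
# when all of them are owner-only. Typical arguments: the cookie jar used
# with -c/-b, the --alt-svc file and the --hsts file.
audit_curl_files() {
    loose=0
    for f in "$@"; do
        if file_is_group_or_world_readable "$f"; then
            printf 'WARNING: %s is readable by group or others\n' "$f" >&2
            loose=1
        fi
    done
    return "$loose"
}

# Stand-alone demo against the installed curl, if there is one.
if command -v curl >/dev/null 2>&1; then
    banner=$(curl --version 2>/dev/null | head -n 1)
    if curl_banner_vulnerable "$banner"; then
        printf 'VULNERABLE (below %s): %s\n' "$FIXED_VERSION" "$banner"
    else
        printf 'OK: %s\n' "$banner"
    fi
fi
```

Run `audit_curl_files ~/.curl/cookies.txt ~/.curl/hsts.txt` (substituting the paths you actually pass to curl) from a cron job or a config-management check; a non-zero exit marks a file whose permissions have been widened and should be tightened with `chmod 600`. The version check is deliberately done on the banner string rather than on the package database so it also covers statically linked or vendored copies of curl.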
