{"vulnerability": "CVE-2022-4291", "sightings": [{"uuid": "9b3fc192-aa29-4655-a704-59fcdd4e9ee4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-42919", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "9f83dd9a-2c94-4e5f-b8ec-22f799e17a3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42916", "type": "seen", "source": "https://t.me/ctinow/73070", "content": "Internet Bug Bounty: CVE-2022-42916: HSTS bypass via IDN\n\nhttps://ift.tt/vcyxmqA", "creation_timestamp": "2022-11-03T02:16:26.000000Z"}, {"uuid": "ec0fe253-0f21-4055-a15d-dccb9cbb51cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42916", "type": "seen", "source": "https://t.me/ctinow/71719", "content": "curl: CVE-2022-42916: HSTS bypass via IDN\n\nhttps://ift.tt/ubgRrZ4", "creation_timestamp": "2022-10-27T18:41:19.000000Z"}, {"uuid": "c1c6dde2-28e0-48d6-a87b-e4bdf08d7d58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42916", "type": "seen", "source": "https://t.me/arpsyndicate/2836", "content": "#ExploitObserverAlert\n\nCVE-2022-42916\n\nDESCRIPTION: Exploit Observer has 22 entries in 2 file formats related to CVE-2022-42916. In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.\n\nFIRST-EPSS: 0.001100000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2024-01-16T07:37:13.000000Z"}, {"uuid": "6d71c804-bda5-4437-bfb4-c77ef607a814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42919", "type": "seen", "source": "https://t.me/arpsyndicate/1618", "content": "#ExploitObserverAlert\n\nCVE-2022-42919\n\nDESCRIPTION: Exploit Observer has 14 entries related to CVE-2022-42919. Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.\n\nFIRST-EPSS: 0.000440000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-10T12:33:17.000000Z"}, {"uuid": "caf51916-31c4-4486-8841-577e82126f06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42919", "type": "seen", "source": "https://t.me/cibsecurity/52578", "content": "\u203c CVE-2022-42919 \u203c\n\nPython 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.4, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-07T02:33:45.000000Z"}, {"uuid": "096ffa36-7d76-4721-b650-7b1bc29b4aca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42915", "type": "seen", "source": "https://t.me/cibsecurity/52270", "content": "\u203c CVE-2022-42915 \u203c\n\ncurl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-30T00:30:29.000000Z"}]}