curl / Mailing Lists / curl-library / Single Mail

Buy commercial curl support. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder Daniel himself.

Some question about CVE-2022-27779

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: 陈星杵 via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 24 Mar 2025 22:26:10 +0800 (GMT+08:00)

Hello,

I hope this email finds you well. I apologize for the interruption, but I recently noticed that the CURL website provides both the commit that introduced CVE-2022-27779[1] and the corresponding patch. However, the MD5 checksums of the modified files in these two versions do not match[2][3].

I would like to understand the reason for this discrepancy. Could it be that this vulnerability only exists when the libpsl parameter is set?

I would greatly appreciate any clarification you could provide. Thank you for your time and assistance.

Best regards.

[1] https://curl.se/docs/CVE-2022-27779.html

[2] Introduce commit: https://github.com/curl/curl/commit/b27ad8e1d3e68e

[3] Patch: https://github.com/curl/curl/commit/7e92d12b4e6911f424678a133b19de670e183a59

-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html

Received on 2025-03-24

This message: [ Message body ]
Next message: Daniel Stenberg via curl-library: "Re: Some question about CVE-2022-27779"
Previous message: Niall O'Reilly via curl-library: "Re: HTTPS RR side of things"
Next in thread: Daniel Stenberg via curl-library: "Re: Some question about CVE-2022-27779"
Reply: Daniel Stenberg via curl-library: "Re: Some question about CVE-2022-27779"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]