CVE-2022-42915: 
Splunk Forwarder vulnerability analysis and mitigation

CVE-2022-42915 affects curl versions 7.77.0 to 7.85.0. The vulnerability occurs when curl is configured to use an HTTP proxy for a non-HTTP(S) URL transfer. When the proxy refuses the CONNECT request (which is common for non-standard ports), a double free vulnerability can be triggered if using specific URL schemes: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet (CURL CVE, MITRE CVE).

The vulnerability stems from flaws in the error/cleanup handling when curl sets up a connection to a remote server through an HTTP proxy. The process involves issuing a CONNECT request to the proxy and then tunneling the protocol through. When the proxy returns a non-200 response code (common for connections to non-standard ports), the error handling code path contains a double free vulnerability (CURL CVE).

The vulnerability has been assigned a CVSS score of 8.1 (High), with potential impacts including unauthorized information disclosure, data modification, or denial of service (DoS). The vulnerability requires network access but no user interaction or privileges (NETAPP Advisory).

The vulnerability was fixed in curl version 7.86.0. Users are recommended to upgrade to this version or later. If upgrading is not immediately possible, users should avoid using HTTP proxies for non-HTTP(S) URL transfers (CURL CVE).

Multiple major vendors and distributions have released security advisories and patches for this vulnerability, including Apple, Red Hat, Ubuntu, and NetApp. The vulnerability has been incorporated into security updates across various operating systems and products (NETAPP Advisory, Apple Security).