CVE-2022-42916: 
Splunk Forwarder vulnerability analysis and mitigation

CVE-2022-42916 affects curl versions 7.77.0 to 7.85.0, where the HSTS (HTTP Strict Transport Security) check could be bypassed to trick it into staying with HTTP. The vulnerability was discovered on October 11, 2022, and was fixed in curl version 7.86.0 released on October 26, 2022. The issue affects curl's HSTS support, which is designed to enforce HTTPS connections even when HTTP is provided in the URL (Curl Advisory).

The vulnerability occurs when the hostname in the given URL uses IDN (Internationalized Domain Name) characters that get replaced with ASCII counterparts during IDN conversion. For example, using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E). This mechanism could be bypassed to force curl to use insecure HTTP connections instead of HTTPS. The vulnerability has been assigned a CVSS score of 7.5 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (NetApp Advisory).

The successful exploitation of this vulnerability could lead to disclosure of sensitive information by allowing attackers to bypass HSTS protection and force connections over insecure HTTP instead of HTTPS. This could potentially expose sensitive data transmitted between the client and server to interception (NetApp Advisory).

The recommended mitigations include upgrading curl to version 7.86.0 or later, applying the security patch to the local version, or consistently using HTTPS URLs instead of HTTP. The vulnerability was fixed in curl 7.86.0 through improved handling of IDN conversions in HSTS checks (Curl Advisory).