Hello,
I found that the affected version of CVE-2022-43551 on the "https://curl.se/docs/CVE-2022-43551.html"; is missing. First of all, thank you very much for the very clear explanation on the website about the root causes of vulnerabilities and patc. But based on my review and analysis of the code repository, I have found that this vulnerability still exists in 'curl-7_74_0', 'curl-7_75_0', 'curl-7_76_0', 'curl-7_76_1'.However, the scope of the vulnerability affected provided on the website is "curl 7.77.0 to and including 7.86.0". So the correct affected versions is: "curl 7.74.0 to and including 7.86.0". Reference: https://curl.se/docs/CVE-2022-43551.html https://github.com/curl/curl/blob/curl-7_73_0/lib/http.c
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
