CVE-2022-35252

Name
CVE-2022-35252
Description
When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings.
NVD Severity
low
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://hackerone.com/reports/1613943
CONFIRM https://security.netapp.com/advisory/ntap-20220930-0005/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* curl >= None < 7.85.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
curl 3.13-main 7.79.1-r3 Natanael Copa <ncopa@alpinelinux.org> fixed
curl 3.16-main 7.83.1-r6 Natanael Copa <ncopa@alpinelinux.org> fixed
curl 3.15-main 7.80.0-r6 Natanael Copa <ncopa@alpinelinux.org> fixed
curl 3.14-main 7.79.1-r5 Natanael Copa <ncopa@alpinelinux.org> fixed