Lucene search

AmazonALAS2-2022-1875

HistoryOct 31, 2022 - 7:40 p.m.

Medium: curl

2022-10-3119:40:00

alas.aws.amazon.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.0%

JSON

Issue Overview:

A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This flaw leads to a denial of service, either by mistake or by a malicious actor. (CVE-2022-32205)

A vulnerability was found in curl. This issue occurs because the number of acceptable “links” in the “decompression chain” was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. This flaw leads to a denial of service, either by mistake or by a malicious actor. (CVE-2022-32206)

A vulnerability was found in curl. This issue occurs because when curl saves cookies, alt-svc, and HSTS data to local files, it makes the operation atomic by finalizing the process with a rename from a temporary name to the final target file name. This flaw leads to unpreserved file permissions, either by mistake or by a malicious actor. (CVE-2022-32207)

A vulnerability was found in curl. This issue occurs because it mishandles message verification failures when curl does FTP transfers secured by krb5. This flaw makes it possible for a Man-in-the-middle attack to go unnoticed and allows data injection into the client. (CVE-2022-32208)

A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a “sister site” to deny service to siblings and cause a denial of service attack. (CVE-2022-35252)

Affected Packages:

curl

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update curl to update your system.

New Packages:

aarch64:  
    curl-7.79.1-6.amzn2.0.1.aarch64  
    libcurl-7.79.1-6.amzn2.0.1.aarch64  
    libcurl-devel-7.79.1-6.amzn2.0.1.aarch64  
    curl-debuginfo-7.79.1-6.amzn2.0.1.aarch64  
  
i686:  
    curl-7.79.1-6.amzn2.0.1.i686  
    libcurl-7.79.1-6.amzn2.0.1.i686  
    libcurl-devel-7.79.1-6.amzn2.0.1.i686  
    curl-debuginfo-7.79.1-6.amzn2.0.1.i686  
  
src:  
    curl-7.79.1-6.amzn2.0.1.src  
  
x86_64:  
    curl-7.79.1-6.amzn2.0.1.x86_64  
    libcurl-7.79.1-6.amzn2.0.1.x86_64  
    libcurl-devel-7.79.1-6.amzn2.0.1.x86_64  
    curl-debuginfo-7.79.1-6.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-35252

Mitre: CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-35252

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64curl< 7.79.1-6.amzn2.0.1curl-7.79.1-6.amzn2.0.1.aarch64.rpm
Amazon Linux2aarch64libcurl< 7.79.1-6.amzn2.0.1libcurl-7.79.1-6.amzn2.0.1.aarch64.rpm
Amazon Linux2aarch64libcurl-devel< 7.79.1-6.amzn2.0.1libcurl-devel-7.79.1-6.amzn2.0.1.aarch64.rpm
Amazon Linux2aarch64curl-debuginfo< 7.79.1-6.amzn2.0.1curl-debuginfo-7.79.1-6.amzn2.0.1.aarch64.rpm
Amazon Linux2i686curl< 7.79.1-6.amzn2.0.1curl-7.79.1-6.amzn2.0.1.i686.rpm
Amazon Linux2i686libcurl< 7.79.1-6.amzn2.0.1libcurl-7.79.1-6.amzn2.0.1.i686.rpm
Amazon Linux2i686libcurl-devel< 7.79.1-6.amzn2.0.1libcurl-devel-7.79.1-6.amzn2.0.1.i686.rpm
Amazon Linux2i686curl-debuginfo< 7.79.1-6.amzn2.0.1curl-debuginfo-7.79.1-6.amzn2.0.1.i686.rpm
Amazon Linux2x86_64curl< 7.79.1-6.amzn2.0.1curl-7.79.1-6.amzn2.0.1.x86_64.rpm
Amazon Linux2x86_64libcurl< 7.79.1-6.amzn2.0.1libcurl-7.79.1-6.amzn2.0.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	2	aarch64	curl	< 7.79.1-6.amzn2.0.1	curl-7.79.1-6.amzn2.0.1.aarch64.rpm
Amazon Linux	2	aarch64	libcurl	< 7.79.1-6.amzn2.0.1	libcurl-7.79.1-6.amzn2.0.1.aarch64.rpm
Amazon Linux	2	aarch64	libcurl-devel	< 7.79.1-6.amzn2.0.1	libcurl-devel-7.79.1-6.amzn2.0.1.aarch64.rpm
Amazon Linux	2	aarch64	curl-debuginfo	< 7.79.1-6.amzn2.0.1	curl-debuginfo-7.79.1-6.amzn2.0.1.aarch64.rpm
Amazon Linux	2	i686	curl	< 7.79.1-6.amzn2.0.1	curl-7.79.1-6.amzn2.0.1.i686.rpm
Amazon Linux	2	i686	libcurl	< 7.79.1-6.amzn2.0.1	libcurl-7.79.1-6.amzn2.0.1.i686.rpm
Amazon Linux	2	i686	libcurl-devel	< 7.79.1-6.amzn2.0.1	libcurl-devel-7.79.1-6.amzn2.0.1.i686.rpm
Amazon Linux	2	i686	curl-debuginfo	< 7.79.1-6.amzn2.0.1	curl-debuginfo-7.79.1-6.amzn2.0.1.i686.rpm
Amazon Linux	2	x86_64	curl	< 7.79.1-6.amzn2.0.1	curl-7.79.1-6.amzn2.0.1.x86_64.rpm
Amazon Linux	2	x86_64	libcurl	< 7.79.1-6.amzn2.0.1	libcurl-7.79.1-6.amzn2.0.1.x86_64.rpm