CVSS3: 3.7 Low

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | LOW |

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS2: 2.6 Low

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low (Percentile: 50.2%)
Low
Canonical Ubuntu
Axel Chong discovered that when curl accepted and sent back cookies containing control bytes, an HTTP(S) server might return a 400 (Bad Request Error) response. A malicious cookie host could possibly use this to cause denial-of-service.

Update Instructions: Run sudo ua fix USN-5587-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:

- libcurl4-gnutls-dev - 7.47.0-1ubuntu2.19+esm5
- libcurl4-openssl-dev - 7.47.0-1ubuntu2.19+esm5
- libcurl3-gnutls - 7.47.0-1ubuntu2.19+esm5
- libcurl4-doc - 7.47.0-1ubuntu2.19+esm5
- libcurl3-nss - 7.47.0-1ubuntu2.19+esm5
- libcurl4-nss-dev - 7.47.0-1ubuntu2.19+esm5
- libcurl3 - 7.47.0-1ubuntu2.19+esm5
- curl - 7.47.0-1ubuntu2.19+esm5

Available with UA Infra or UA Desktop: https://ubuntu.com/advantage
CVEs contained in this USN include: CVE-2022-35252.
Severity is low unless otherwise noted.
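
The control-byte condition described above can be checked before a cookie is stored or sent back. The following C example is added here and is not code from curl, Ubuntu or Cloud Foundry; the function names and the rejected byte set (0x01-0x1f except TAB, plus 0x7f) are assumptions of this example, and the sample Set-Cookie values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Assumed policy for this example: reject bytes 0x01-0x1f except TAB (0x09),
   and 0x7f (DEL). NUL cannot occur inside a C string. */
static int is_control_octet(unsigned char c)
{
  return (c < 0x20 && c != '\t') || c == 0x7f;
}

/* Returns 1 if the first len bytes of s contain a control octet. */
static int has_control_octets(const char *s, size_t len)
{
  for(size_t i = 0; i < len; i++)
    if(is_control_octet((unsigned char)s[i]))
      return 1;
  return 0;
}

/* Hypothetical helper: decide whether the name=value pair of a Set-Cookie
   header value should be stored. Returns 1 to accept, 0 to reject. */
int cookie_pair_acceptable(const char *set_cookie)
{
  size_t pair_len = strcspn(set_cookie, ";");   /* attributes start at ';' */
  const char *eq = memchr(set_cookie, '=', pair_len);
  if(!eq || eq == set_cookie)
    return 0;                                   /* no '=' or empty name */
  return !has_control_octets(set_cookie, pair_len);
}

int main(void)
{
  /* Constructed sample Set-Cookie values, not captured traffic. */
  const char *samples[] = {
    "session=abc123; Path=/; Secure",
    "id=a\x01" "b; Path=/",      /* literal split so \x01 is not read as \x1b */
    "note=tab\tok; HttpOnly",
    "trail=x\x7f",
    "=novalue"
  };
  for(size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    printf("sample %zu: %s\n", i,
           cookie_pair_acceptable(samples[i]) ? "accept" : "reject");
  return 0;
}
```

Rejecting the cookie when it is received keeps the client from replaying bytes that a server would answer with a 400 response on later requests.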
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
2022-09-29: Initial vulnerability report published.
Name | Operator | Version |
---|---|---|
bionic stemcells | lt | 1.107 |
cflinuxfs3 | lt | 0.320.0 |
cf deployment | lt | 21.9.0 |