Lucene search

K
cveHackeroneCVE-2022-35252
HistorySep 23, 2022 - 2:15 p.m.

CVE-2022-35252

2022-09-2314:15:12
CWE-20
hackerone
web.nvd.nist.gov
482
5
cve-2022-35252
http
https
server
denial of service
vulnerability
nvd

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

50.8%

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

Affected configurations

Nvd
Vulners
Node
haxxcurlRange<7.85.0
Node
netappclustered_data_ontapMatch-
OR
netappelement_softwareMatch-
OR
netapphci_management_nodeMatch-
OR
netappsolidfireMatch-
Node
netappbootstrap_osMatch-
AND
netapphci_compute_nodeMatch-
Node
netapph300s_firmwareMatch-
AND
netapph300sMatch-
Node
netapph500s_firmwareMatch-
AND
netapph500sMatch-
Node
netapph700s_firmwareMatch-
AND
netapph700sMatch-
Node
netapph410s_firmwareMatch-
AND
netapph410sMatch-
Node
applemacosRange11.011.7.3
OR
applemacosRange12.0.012.6.3
Node
debiandebian_linuxMatch10.0
Node
splunkuniversal_forwarderRange8.2.08.2.12
OR
splunkuniversal_forwarderRange9.0.09.0.6
OR
splunkuniversal_forwarderMatch9.1.0
VendorProductVersionCPE
haxxcurl*cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
netappclustered_data_ontap-cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
netappelement_software-cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
netapphci_management_node-cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
netappsolidfire-cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
netappbootstrap_os-cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*
netapphci_compute_node-cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
netapph300s_firmware-cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
netapph300s-cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
netapph500s_firmware-cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 191

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "https://github.com/curl/curl",
    "versions": [
      {
        "version": "Fixed in curl 7.85.0",
        "status": "affected"
      }
    ]
  }
]

Social References

More

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

50.8%