OSV:USN-5587-1
Sep 01, 2022 - 9:04 p.m.

curl vulnerability

2022-09-01 21:04:02
Google
osv.dev
curl
vulnerability
denial-of-service
cookies
http server

CVSS3: 3.7

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score: 7.2
Confidence: High

EPSS: 0.001
Percentile: 50.8%

Axel Chong discovered that when curl accepted and sent back
cookies containing control bytes, an HTTP(S) server might
return a 400 (Bad Request Error) response. A malicious cookie
host could possibly use this to cause a denial of service.
