Lucene search
+L

91 matches found

RedHat Linux
RedHat Linux
added 2022/12/08 1:21 p.m.9 views

curl: HTTP compression denial of service

A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. This flaw leads to a denial of service, either by mistake or by a...

6.5CVSS6.7AI score0.3197EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/12/08 1:8 p.m.7 views

curl: HTTP compression denial of service

A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. This flaw leads to a denial of service, either by mistake or by a...

6.5CVSS6.7AI score0.3197EPSS
Exploits1References5
Amazon
Amazon
added 2022/11/08 12:0 a.m.95 views

Medium: curl

Issue Overview: A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This flaw leads to a denial of service, either by mistake or by a malicious actor. CVE-2022-322...

9.8CVSS6.9AI score0.3197EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2022/08/25 12:0 a.m.74 views

Oracle Linux 9 : curl (ELSA-2022-6157)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6157 advisory. - fix unpreserved file permissions CVE-2022-32207 - fix HTTP compression denial of service CVE-2022-32206 Tenable has extracted the preceding descripti...

9.8CVSS7.3AI score0.3197EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2022/08/24 5:38 p.m.7 views

curl: HTTP compression denial of service

A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. This flaw leads to a denial of service, either by mistake or by a...

6.5CVSS6.7AI score0.3197EPSS
Exploits1References5
OSV
OSV
added 2022/07/08 11:3 a.m.5 views

OESA-2022-1744 curl security update

Security Fixes: A vulnerability was found in curl. This issue occurs because it mishandles message verification failures when curl does FTP transfers secured by krb5. This flaw makes it possible for a Man-in-the-middle attack to go unnoticed and allows data injection into the client.CVE-2022-3220...

9.8CVSS6.6AI score0.3197EPSS
Exploits4References5
NVD
NVD
added 2022/07/07 1:15 p.m.21 views

CVE-2022-32206

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

6.5CVSS0.3197EPSS
Exploits1References11
OSV
OSV
added 2022/07/07 1:15 p.m.2 views

DEBIAN-CVE-2022-32206

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

6.5CVSS7AI score0.3197EPSS
Exploits1References1
OSV
OSV
added 2022/07/07 1:15 p.m.7 views

AZL-10102 CVE-2022-32206 affecting package curl for versions less than 7.84.0-1

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

6.5CVSS6.7AI score0.3197EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/07/07 12:0 a.m.2 views

CVE-2022-32206

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

6.5AI score0.3197EPSS
Exploits1References11
Hacker One
Hacker One
added 2022/06/27 7:3 a.m.78 views

Internet Bug Bounty: CVE-2022-32206: HTTP compression denial of service

curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited...

4.3CVSS8.1AI score0.3197EPSS
Exploits1
Rows per page
Query Builder