
89 matches found

RedHat Linux
added 2024/01/25 8:12 a.m., 3 views

curl: Incorrect handling of control code characters in cookies

A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTPS server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTPS server, possibly...

CVSS 3.7, AI score 6.8, EPSS 0.01788
Exploits: 1, References: 4
Tenable Nessus
added 2023/11/09 12:0 a.m., 57 views

NewStart CGSL MAIN 6.06 : curl Multiple Vulnerabilities (NS-SA-2023-0137)

The remote NewStart CGSL host, running version MAIN 6.06, has curl packages installed that are affected by multiple vulnerabilities: - When curl is used to retrieve and parse cookies from a HTTPS server, it accepts cookies using control codes that when later are sent back to a HTTP server might mak...

AI score 7.7, EPSS 0.02511
Exploits: 4, References: 9
Tenable Nessus
added 2023/05/24 12:0 a.m., 36 views

Oracle Linux 8 : curl (ELSA-2023-2963)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2963 advisory. - fix HTTP multi-header compression denial of service CVE-2023-23916 - smb/telnet: fix use-after-free when HTTP proxy denies tunnel CVE-2022-43552...

CVSS 6.5, AI score 6.6, EPSS 0.02511
Exploits: 3, References: 3
RedHat Linux
added 2023/05/16 9:2 a.m., 3 views

curl: Incorrect handling of control code characters in cookies

A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTPS server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTPS server, possibly...

CVSS 3.7, AI score 6.8, EPSS 0.01788
Exploits: 1, References: 4
Tenable Nessus
added 2023/05/15 12:0 a.m., 39 views

Oracle Linux 9 : curl (ELSA-2023-2478)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2478 advisory. - fix HTTP multi-header compression denial of service CVE-2023-23916 - smb/telnet: fix use-after-free when HTTP proxy denies tunnel CVE-2022-43552 - fi...

CVSS 9.8, AI score 7.2, EPSS 0.04325
Exploits: 4, References: 3
RedHat Linux
added 2023/05/09 9:51 a.m., 4 views

curl: Incorrect handling of control code characters in cookies

A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTPS server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTPS server, possibly...

CVSS 3.7, AI score 6.8, EPSS 0.01788
Exploits: 1, References: 4
Cvelist
added 2023/03/16 3:55 p.m., 18 views

CVE-2023-28101 Flatpak metadata with ANSI control codes can cause misleading terminal output

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the flatpak(1) command-line...

CVSS 5, AI score 7.3, EPSS 0.00879
Exploits: 0, References: 5
Vulnrichment
added 2023/03/16 3:55 p.m., 6 views

CVE-2023-28101 Flatpak metadata with ANSI control codes can cause misleading terminal output

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the flatpak(1) command-line...

CVSS 5, AI score 5, EPSS 0.00879
Exploits: 0, References: 5
Tenable Nessus
added 2023/02/23 12:0 a.m., 85 views

Siemens SCALANCE X-200RNA Switch Devices Inappropriate Encoding For Output Context (CVE-2019-6110)

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. - In OpenSSH 7.9, due to accepting and...

CVSS 6.8, AI score 7.1, EPSS 0.20906
Exploits: 8, References: 9
F5 Networks
added 2023/02/21 6:34 p.m., 72 views

K12252011: OpenSSH vulnerability CVE-2019-6109

Security Advisory Description An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional...

CVSS 6.8, AI score 7, EPSS 0.03807
Exploits: 0, Affected Software: 15
SUSE CVE
added 2023/02/15 3:24 a.m., 2 views

SUSE CVE-2022-35252

When curl is used to retrieve and parse cookies from a HTTPS server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...

CVSS 3.7, AI score 6.7, EPSS 0.01788
Exploits: 1, References: 102
IBM Security Bulletins
added 2023/01/31 2:6 p.m., 70 views

Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase ( CVE-2022-42915, CVE-2022-42916, CVE-2022-32221, CVE-2022-35252, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207 )

Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-42915 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a...

CVSS 9.8, AI score 8.6, EPSS 0.3197
Exploits: 5, Affected Software: 1
OSV
added 2022/12/14 3:15 p.m., 1 views

CVE-2022-44898

The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests...

CVSS 7.8, AI score 5.8, EPSS 0.00371
Exploits: 1, References: 4
RedHat Linux
added 2022/12/08 1:8 p.m., 6 views

curl: Incorrect handling of control code characters in cookies

A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTPS server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTPS server, possibly...

CVSS 3.7, AI score 6.8, EPSS 0.01788
Exploits: 1, References: 4
Amazon
added 2022/11/08 12:0 a.m., 92 views

Medium: curl

Issue Overview: A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This flaw leads to a denial of service, either by mistake or by a malicious actor. CVE-2022-322...

CVSS 9.8, AI score 6.9, EPSS 0.3197
Exploits: 5
Tenable Nessus
added 2022/11/08 12:0 a.m., 43 views

F5 Networks BIG-IP : OpenSSH vulnerability (K42531048)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K42531048 advisory. In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server ...

CVSS 6.8, AI score 7.2, EPSS 0.20906
Exploits: 8, References: 2
Tenable Nessus
added 2022/11/08 12:0 a.m., 62 views

F5 Networks BIG-IP : OpenSSH vulnerability (K12252011)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K12252011 advisory. An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicio...

CVSS 6.8, AI score 7, EPSS 0.03807
Exploits: 0, References: 2
Tenable Nessus
added 2022/11/04 12:0 a.m., 29 views

Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-206)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-206 advisory. A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This fl...

CVSS 9.8, AI score 6.4, EPSS 0.3197
Exploits: 13, References: 27
Tenable Nessus
added 2022/10/14 12:0 a.m., 39 views

Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-145)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-145 advisory. A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This fl...

CVSS 9.8, AI score 6.4, EPSS 0.3197
Exploits: 5, References: 11
Redos
added 2022/10/07 12:0 a.m., 3 views

ROS-20221007-21

The cURL command line utility vulnerability is related to how cookies with control codes byte values less than 32 are handled. codes byte values less than 32. Exploitation of the vulnerability could allow an attacker acting remotely to send a cookie containing such control codes to a remote user...

CVSS 3.7, AI score 7.2, EPSS 0.01788
Exploits: 1