When curl is used to retrieve and parse cookies from a HTTP(S) server it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings.
ALPINE-CVE-2022-35252
When curl is used to retrieve and parse cookies from a HTTPS server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...
DEBIAN-CVE-2022-35252
When curl is used to retrieve and parse cookies from a HTTPS server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...
AZL-11046 CVE-2022-35252 affecting package curl for versions less than 7.86.0-1
When curl is used to retrieve and parse cookies from a HTTPS server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...
CVE-2022-35252
When curl is used to retrieve and parse cookies from a HTTPS server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...
CVE-2022-35252
When curl is used to retrieve and parse cookies from a HTTPS server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...
OESA-2022-1908 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When curl is used to retrieve and parse cookies from an HTTPS server, it accepts cookies using control codes byte values below 32. When cookies...
PT-2022-5838 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw in the Linux kernel may cause a denial of service if consecutive requests of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are made through the device file of the driver,...
control code in cookie denial of service
When curl retrieves and parses cookies from an HTTPS server, it accepts cookies using control codes byte values below 32. When cookies that contain such control codes are later sent back to an HTTPS server, it might make the server return a 400 response. Effectively allowing a "sister site" to de...
curl security vulnerability
curl is a tool for transferring data from or to a server. A security vulnerability exists in curl versions 4.9 through 7.84, which stems from the fact that when curl retrieves and parses a cookie from an HTTPS server, it accepts the cookie using control codes with a byte value of less than 32, which...
UBUNTU-CVE-2022-35252
When curl is used to retrieve and parse cookies from a HTTPS server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...
PT-2022-12246 · Biostar · Biostar Racing Gt Evo
Name of the Vulnerable Software and Affected Versions: Biostar RACING GT Evo version 2.1.1905.1700 Description: An issue was discovered in BS RCIO64.sys. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations, or call a...
CVE-2020-9014
In Epson iProjection v2.30, the driver file EMPNSAU.sys allows local users to cause a denial of service BSOD via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPNSAU are similarly affected...
CVE-2020-10234
The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic aka BSOD follows. The IOCTL codes can be found in the dispatch function:...
PT-2021-12854 · Epson · Epson Iprojection
Name of the Vulnerable Software and Affected Versions: Epson iProjection version 2.30 Description: The driver file EMP MPAU.sys in Epson iProjection allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl...
VulnCheck KEV: CVE-2019-6109
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...
Amazon Linux AMI : openssh (ALAS-2019-1313)
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...
Medium: openssh
Issue Overview: An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being...
EulerOS 2.0 SP5 : openssh (EulerOS-SA-2019-1908)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle...
EulerOS Virtualization 2.5.3 : openssh (EulerOS-SA-2019-1355)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or...