Lucene search

[email protected]CVE-2022-35252

HistorySep 23, 2022 - 2:15 p.m.

CVE-2022-35252

2022-09-2314:15:12

CWE-20

[email protected]

web.nvd.nist.gov

473

cve-2022-35252

http

https

server

denial of service

vulnerability

nvd

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.8%

JSON

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

Affected configurations

NVD

Node

haxxcurlRange<7.85.0

Node

netappclustered_data_ontapMatch-

netappelement_softwareMatch-

netapphci_management_nodeMatch-

netappsolidfireMatch-

Node

netappbootstrap_osMatch-

AND

netapphci_compute_nodeMatch-

Node

netapph300s_firmwareMatch-

AND

netapph300sMatch-

Node

netapph500s_firmwareMatch-

AND

netapph500sMatch-

Node

netapph700s_firmwareMatch-

AND

netapph700sMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

applemacosRange11.0–11.7.3

applemacosRange12.0.0–12.6.3

Node

debiandebian_linuxMatch10.0

Node

splunkuniversal_forwarderRange8.2.0–8.2.12

splunkuniversal_forwarderRange9.0.0–9.0.6

splunkuniversal_forwarderMatch9.1.0

CPENameOperatorVersion
haxx:curlhaxx curllt7.85.0

CPE	Name	Operator	Version
haxx:curl	haxx curl	lt	7.85.0

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "https://github.com/curl/curl",
    "versions": [
      {
        "version": "Fixed in curl 7.85.0",
        "status": "affected"
      }
    ]
  }
]