Vulnerability Details CVE-2022-35252
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.7%
CVSS Severity
CVSS v3 Score 3.7
References
- http://seclists.org/fulldisclosure/2023/Jan/20
- http://seclists.org/fulldisclosure/2023/Jan/21
- https://hackerone.com/reports/1613943
- https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
- https://security.gentoo.org/glsa/202212-01
- https://security.netapp.com/advisory/ntap-20220930-0005/
- https://support.apple.com/kb/HT213603
- https://support.apple.com/kb/HT213604
- http://seclists.org/fulldisclosure/2023/Jan/20
- http://seclists.org/fulldisclosure/2023/Jan/21
- https://hackerone.com/reports/1613943
- https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
- https://security.gentoo.org/glsa/202212-01
- https://security.netapp.com/advisory/ntap-20220930-0005/
- https://support.apple.com/kb/HT213603
- https://support.apple.com/kb/HT213604
Products affected by CVE-2022-35252
-
cpe:2.3:a:haxx:curl:-
-
cpe:2.3:a:haxx:curl:4.9
-
cpe:2.3:a:haxx:curl:6.0
-
cpe:2.3:a:haxx:curl:6.1
-
cpe:2.3:a:haxx:curl:6.2
-
cpe:2.3:a:haxx:curl:6.3
-
cpe:2.3:a:haxx:curl:6.3.1
-
cpe:2.3:a:haxx:curl:6.4
-
cpe:2.3:a:haxx:curl:6.5
-
cpe:2.3:a:haxx:curl:6.5.1
-
cpe:2.3:a:haxx:curl:6.5.2
-
cpe:2.3:a:haxx:curl:7.1
-
cpe:2.3:a:haxx:curl:7.1.1
-
cpe:2.3:a:haxx:curl:7.10
-
cpe:2.3:a:haxx:curl:7.10.1
-
cpe:2.3:a:haxx:curl:7.10.2
-
cpe:2.3:a:haxx:curl:7.10.3
-
cpe:2.3:a:haxx:curl:7.10.4
-
cpe:2.3:a:haxx:curl:7.10.5
-
cpe:2.3:a:haxx:curl:7.10.6
-
cpe:2.3:a:haxx:curl:7.10.7
-
cpe:2.3:a:haxx:curl:7.10.8
-
cpe:2.3:a:haxx:curl:7.11.0
-
cpe:2.3:a:haxx:curl:7.11.1
-
cpe:2.3:a:haxx:curl:7.11.2
-
cpe:2.3:a:haxx:curl:7.12.0
-
cpe:2.3:a:haxx:curl:7.12.1
-
cpe:2.3:a:haxx:curl:7.12.2
-
cpe:2.3:a:haxx:curl:7.12.3
-
cpe:2.3:a:haxx:curl:7.13.0
-
cpe:2.3:a:haxx:curl:7.13.1
-
cpe:2.3:a:haxx:curl:7.13.2
-
cpe:2.3:a:haxx:curl:7.14.0
-
cpe:2.3:a:haxx:curl:7.14.1
-
cpe:2.3:a:haxx:curl:7.15.0
-
cpe:2.3:a:haxx:curl:7.15.1
-
cpe:2.3:a:haxx:curl:7.15.2
-
cpe:2.3:a:haxx:curl:7.15.3
-
cpe:2.3:a:haxx:curl:7.15.4
-
cpe:2.3:a:haxx:curl:7.15.5
-
cpe:2.3:a:haxx:curl:7.16.0
-
cpe:2.3:a:haxx:curl:7.16.1
-
cpe:2.3:a:haxx:curl:7.16.2
-
cpe:2.3:a:haxx:curl:7.16.3
-
cpe:2.3:a:haxx:curl:7.16.4
-
cpe:2.3:a:haxx:curl:7.17.0
-
cpe:2.3:a:haxx:curl:7.17.1
-
cpe:2.3:a:haxx:curl:7.18.0
-
cpe:2.3:a:haxx:curl:7.18.1
-
cpe:2.3:a:haxx:curl:7.18.2
-
cpe:2.3:a:haxx:curl:7.19.0
-
cpe:2.3:a:haxx:curl:7.19.1
-
cpe:2.3:a:haxx:curl:7.19.2
-
cpe:2.3:a:haxx:curl:7.19.3
-
cpe:2.3:a:haxx:curl:7.19.4
-
cpe:2.3:a:haxx:curl:7.19.5
-
cpe:2.3:a:haxx:curl:7.19.6
-
cpe:2.3:a:haxx:curl:7.19.7
-
cpe:2.3:a:haxx:curl:7.19.7-53
-
cpe:2.3:a:haxx:curl:7.2
-
cpe:2.3:a:haxx:curl:7.2.1
-
cpe:2.3:a:haxx:curl:7.20.0
-
cpe:2.3:a:haxx:curl:7.20.1
-
cpe:2.3:a:haxx:curl:7.21.0
-
cpe:2.3:a:haxx:curl:7.21.1
-
cpe:2.3:a:haxx:curl:7.21.2
-
cpe:2.3:a:haxx:curl:7.21.3
-
cpe:2.3:a:haxx:curl:7.21.4
-
cpe:2.3:a:haxx:curl:7.21.5
-
cpe:2.3:a:haxx:curl:7.21.6
-
cpe:2.3:a:haxx:curl:7.21.7
-
cpe:2.3:a:haxx:curl:7.22.0
-
cpe:2.3:a:haxx:curl:7.23.0
-
cpe:2.3:a:haxx:curl:7.23.1
-
cpe:2.3:a:haxx:curl:7.24.0
-
cpe:2.3:a:haxx:curl:7.25.0
-
cpe:2.3:a:haxx:curl:7.26.0
-
cpe:2.3:a:haxx:curl:7.27.0
-
cpe:2.3:a:haxx:curl:7.28.0
-
cpe:2.3:a:haxx:curl:7.28.1
-
cpe:2.3:a:haxx:curl:7.29.0
-
cpe:2.3:a:haxx:curl:7.3
-
cpe:2.3:a:haxx:curl:7.30.0
-
cpe:2.3:a:haxx:curl:7.31.0
-
cpe:2.3:a:haxx:curl:7.32.0
-
cpe:2.3:a:haxx:curl:7.33.0
-
cpe:2.3:a:haxx:curl:7.34.0
-
cpe:2.3:a:haxx:curl:7.35.0
-
cpe:2.3:a:haxx:curl:7.36.0
-
cpe:2.3:a:haxx:curl:7.37.0
-
cpe:2.3:a:haxx:curl:7.37.1
-
cpe:2.3:a:haxx:curl:7.38.0
-
cpe:2.3:a:haxx:curl:7.39.0
-
cpe:2.3:a:haxx:curl:7.4
-
cpe:2.3:a:haxx:curl:7.4.1
-
cpe:2.3:a:haxx:curl:7.4.2
-
cpe:2.3:a:haxx:curl:7.40.0
-
cpe:2.3:a:haxx:curl:7.41.0
-
cpe:2.3:a:haxx:curl:7.42.0
-
cpe:2.3:a:haxx:curl:7.42.1
-
cpe:2.3:a:haxx:curl:7.43.0
-
cpe:2.3:a:haxx:curl:7.44.0
-
cpe:2.3:a:haxx:curl:7.45.0
-
cpe:2.3:a:haxx:curl:7.46.0
-
cpe:2.3:a:haxx:curl:7.47.0
-
cpe:2.3:a:haxx:curl:7.47.1
-
cpe:2.3:a:haxx:curl:7.48.0
-
cpe:2.3:a:haxx:curl:7.49.0
-
cpe:2.3:a:haxx:curl:7.49.1
-
cpe:2.3:a:haxx:curl:7.5
-
cpe:2.3:a:haxx:curl:7.5.1
-
cpe:2.3:a:haxx:curl:7.5.2
-
cpe:2.3:a:haxx:curl:7.50.0
-
cpe:2.3:a:haxx:curl:7.50.1
-
cpe:2.3:a:haxx:curl:7.50.2
-
cpe:2.3:a:haxx:curl:7.50.3
-
cpe:2.3:a:haxx:curl:7.51.0
-
cpe:2.3:a:haxx:curl:7.52.0
-
cpe:2.3:a:haxx:curl:7.52.1
-
cpe:2.3:a:haxx:curl:7.53.0
-
cpe:2.3:a:haxx:curl:7.53.1
-
cpe:2.3:a:haxx:curl:7.54.0
-
cpe:2.3:a:haxx:curl:7.54.1
-
cpe:2.3:a:haxx:curl:7.55.0
-
cpe:2.3:a:haxx:curl:7.55.1
-
cpe:2.3:a:haxx:curl:7.56.0
-
cpe:2.3:a:haxx:curl:7.56.1
-
cpe:2.3:a:haxx:curl:7.57.0
-
cpe:2.3:a:haxx:curl:7.58.0
-
cpe:2.3:a:haxx:curl:7.59.0
-
cpe:2.3:a:haxx:curl:7.6
-
cpe:2.3:a:haxx:curl:7.6.1
-
cpe:2.3:a:haxx:curl:7.60.0
-
cpe:2.3:a:haxx:curl:7.61.0
-
cpe:2.3:a:haxx:curl:7.61.1
-
cpe:2.3:a:haxx:curl:7.62.0
-
cpe:2.3:a:haxx:curl:7.63.0
-
cpe:2.3:a:haxx:curl:7.64.0
-
cpe:2.3:a:haxx:curl:7.64.1
-
cpe:2.3:a:haxx:curl:7.65.0
-
cpe:2.3:a:haxx:curl:7.65.1
-
cpe:2.3:a:haxx:curl:7.65.2
-
cpe:2.3:a:haxx:curl:7.65.3
-
cpe:2.3:a:haxx:curl:7.66.0
-
cpe:2.3:a:haxx:curl:7.67.0
-
cpe:2.3:a:haxx:curl:7.68.0
-
cpe:2.3:a:haxx:curl:7.69.0
-
cpe:2.3:a:haxx:curl:7.69.1
-
cpe:2.3:a:haxx:curl:7.7
-
cpe:2.3:a:haxx:curl:7.7.1
-
cpe:2.3:a:haxx:curl:7.7.2
-
cpe:2.3:a:haxx:curl:7.7.3
-
cpe:2.3:a:haxx:curl:7.70.0
-
cpe:2.3:a:haxx:curl:7.71.0
-
cpe:2.3:a:haxx:curl:7.71.1
-
cpe:2.3:a:haxx:curl:7.72.0
-
cpe:2.3:a:haxx:curl:7.73.0
-
cpe:2.3:a:haxx:curl:7.74.0
-
cpe:2.3:a:haxx:curl:7.75.0
-
cpe:2.3:a:haxx:curl:7.76.0
-
cpe:2.3:a:haxx:curl:7.76.1
-
cpe:2.3:a:haxx:curl:7.77.0
-
cpe:2.3:a:haxx:curl:7.78.0
-
cpe:2.3:a:haxx:curl:7.79.0
-
cpe:2.3:a:haxx:curl:7.79.1
-
cpe:2.3:a:haxx:curl:7.8
-
cpe:2.3:a:haxx:curl:7.8.1
-
cpe:2.3:a:haxx:curl:7.80.0
-
cpe:2.3:a:haxx:curl:7.81.0
-
cpe:2.3:a:haxx:curl:7.82.0
-
cpe:2.3:a:haxx:curl:7.83.0
-
cpe:2.3:a:haxx:curl:7.83.1
-
cpe:2.3:a:haxx:curl:7.84.0
-
cpe:2.3:a:haxx:curl:7.9
-
cpe:2.3:a:haxx:curl:7.9.1
-
cpe:2.3:a:haxx:curl:7.9.2
-
cpe:2.3:a:haxx:curl:7.9.3
-
cpe:2.3:a:haxx:curl:7.9.4
-
cpe:2.3:a:haxx:curl:7.9.5
-
cpe:2.3:a:haxx:curl:7.9.6
-
cpe:2.3:a:haxx:curl:7.9.7
-
cpe:2.3:a:haxx:curl:7.9.8
-
cpe:2.3:a:netapp:clustered_data_ontap:-
-
cpe:2.3:a:netapp:element_software:-
-
cpe:2.3:a:netapp:hci_management_node:-
-
cpe:2.3:a:netapp:solidfire:-
-
cpe:2.3:a:splunk:universal_forwarder:8.2.0
-
cpe:2.3:a:splunk:universal_forwarder:8.2.10
-
cpe:2.3:a:splunk:universal_forwarder:8.2.11
-
cpe:2.3:a:splunk:universal_forwarder:8.2.6
-
cpe:2.3:a:splunk:universal_forwarder:8.2.7
-
cpe:2.3:a:splunk:universal_forwarder:8.2.8
-
cpe:2.3:a:splunk:universal_forwarder:8.2.9
-
cpe:2.3:a:splunk:universal_forwarder:9.0.0
-
cpe:2.3:a:splunk:universal_forwarder:9.0.1
-
cpe:2.3:a:splunk:universal_forwarder:9.0.2
-
cpe:2.3:a:splunk:universal_forwarder:9.0.3
-
cpe:2.3:a:splunk:universal_forwarder:9.0.4
-
cpe:2.3:a:splunk:universal_forwarder:9.0.5
-
cpe:2.3:a:splunk:universal_forwarder:9.1.0
-
cpe:2.3:h:netapp:h300s:-
-
cpe:2.3:h:netapp:h410s:-
-
cpe:2.3:h:netapp:h500s:-
-
cpe:2.3:h:netapp:h700s:-
-
cpe:2.3:h:netapp:hci_compute_node:-
-
cpe:2.3:o:apple:macos:11.0
-
cpe:2.3:o:apple:macos:11.0.1
-
cpe:2.3:o:apple:macos:11.1
-
cpe:2.3:o:apple:macos:11.1.0
-
cpe:2.3:o:apple:macos:11.2
-
cpe:2.3:o:apple:macos:11.2.1
-
cpe:2.3:o:apple:macos:11.3
-
cpe:2.3:o:apple:macos:11.3.1
-
cpe:2.3:o:apple:macos:11.4
-
cpe:2.3:o:apple:macos:11.5
-
cpe:2.3:o:apple:macos:11.5.1
-
cpe:2.3:o:apple:macos:11.6
-
cpe:2.3:o:apple:macos:11.6.1
-
cpe:2.3:o:apple:macos:11.6.2
-
cpe:2.3:o:apple:macos:11.6.3
-
cpe:2.3:o:apple:macos:11.6.5
-
cpe:2.3:o:apple:macos:11.6.6
-
cpe:2.3:o:apple:macos:11.6.7
-
cpe:2.3:o:apple:macos:11.6.8
-
cpe:2.3:o:apple:macos:11.7
-
cpe:2.3:o:apple:macos:11.7.1
-
cpe:2.3:o:apple:macos:11.7.2
-
cpe:2.3:o:apple:macos:12.0.0
-
cpe:2.3:o:apple:macos:12.0.1
-
cpe:2.3:o:apple:macos:12.1
-
cpe:2.3:o:apple:macos:12.2
-
cpe:2.3:o:apple:macos:12.2.1
-
cpe:2.3:o:apple:macos:12.3
-
cpe:2.3:o:apple:macos:12.3.1
-
cpe:2.3:o:apple:macos:12.4
-
cpe:2.3:o:apple:macos:12.5
-
cpe:2.3:o:apple:macos:12.5.1
-
cpe:2.3:o:apple:macos:12.6
-
cpe:2.3:o:apple:macos:12.6.1
-
cpe:2.3:o:apple:macos:12.6.2
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:netapp:bootstrap_os:-
-
cpe:2.3:o:netapp:h300s_firmware:-
-
cpe:2.3:o:netapp:h410s_firmware:-
-
cpe:2.3:o:netapp:h500s_firmware:-
-
cpe:2.3:o:netapp:h700s_firmware:-