Main Vulnerability Database Vulnerabilities #VU66881

#VU66881 Input validation error in cURL - CVE-2022-35252

Published: August 31, 2022

Vulnerability identifier: #VU66881

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-35252

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
cURL

Software vendor:
curl.haxx.se

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way curl handles cookies with control codes (byte values below 32). When cookies that contain such control codes are later sent back to an HTTP(S) server, it might make the server return a 400 response, effectively allowing a "sister site" to deny service to siblings.

Remediation

Install updates from vendor's website.

External links

https://curl.haxx.se/docs/CVE-2022-35252.html

#VU66881 Input validation error in cURL - CVE-2022-35252

Description

Remediation

External links

Please verify you're human