Lucene search
HackeroneCVELIST:CVE-2022-27779HistoryJun 01, 2022 - 12:00 a.m.
CVE-2022-27779
2022-06-0100:00:00
CWE-201
hackerone
www.cve.org
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl’s “cookie engine” can bebuilt with or without Public Suffix Listawareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.
CNA Affected
[
{
"vendor": "n/a",
"product": "https://github.com/curl/curl",
"versions": [
{
"version": "Fixed in 7.83.1",
"status": "affected"
}
]
}
]Related
cnvd
cnvd
curl information leakage vulnerability
2022-05-13 00:00:00
prion
prion
Design/Logic Flaw
2022-06-02 14:15:00
cbl_mariner
cbl_mariner
CVE-2022-27779 affecting package curl for versions less than 7.83.1-1
2022-07-01 21:02:21
CVE-2022-27779 affecting package curl 7.76.0-9
2022-08-24 22:05:05
debiancve
debiancve
CVE-2022-27779
2022-06-02 14:15:44
cve
cve
CVE-2022-27779
2022-06-02 14:15:44
osv
osv
CVE-2022-27779
2022-06-02 14:15:44
veracode
veracode
Information Disclosure
2022-05-14 23:43:48
nvd
nvd
CVE-2022-27779
2022-06-02 14:15:44
ubuntucve
ubuntucve
CVE-2022-27779
2022-05-11 00:00:00
alpinelinux
alpinelinux
CVE-2022-27779
2022-06-02 14:15:44
redhatcve
redhatcve
CVE-2022-27779
2022-05-11 08:01:25
hackerone
hackerone
Internet Bug Bounty: CVE-2022-27779: cookie for trailing dot TLD
2022-05-11 07:02:48
curl: CVE-2022-27779: cookie for trailing dot TLD
2022-04-28 08:30:28
fedora
fedora
[SECURITY] Fedora 36 Update: curl-7.82.0-5.fc36
2022-05-12 20:26:36
openvas
openvas
Fedora: Security Advisory for curl (FEDORA-2022-d15a736748)
2022-05-13 00:00:00
Slackware: Security Advisory (SSA:2022-131-01)
2022-05-12 00:00:00
nessus
nessus
Fedora 36 : curl (2022-d15a736748)
2022-05-12 00:00:00
redos
redos
ROS-20220524-03
2022-05-24 00:00:00
ibm
ibm
slackware
slackware
[slackware-security] curl
2022-05-11 19:04:46
freebsd
freebsd
curl -- Multiple vulnerabilities
2022-05-11 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package curl version 7.83.1-alt1
2022-05-19 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0205
2022-06-27 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0205
2022-06-27 00:00:00
Important Photon OS Security Update - PHSA-2022-0486
2022-06-19 00:00:00
gentoo
gentoo
curl: Multiple Vulnerabilities
2022-12-19 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00