When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

CPENameOperatorVersion
macosge11.0
macoslt11.7.3
macosge12.0.0
macoslt12.6.3
debian_linuxeq10.0
curllt7.85.0

Name	Operator	Version
macos	ge	11.0
macos	lt	11.7.3
macos	ge	12.0.0
macos	lt	12.6.3
debian_linux	eq	10.0
curl	lt	7.85.0

References

seclists.org/fulldisclosure/2023/Jan/20

seclists.org/fulldisclosure/2023/Jan/21

hackerone.com/reports/1613943

lists.debian.org/debian-lts-announce/2023/01/msg00028.html

security.gentoo.org/glsa/202212-01

security.netapp.com/advisory/ntap-20220930-0005/

support.apple.com/kb/HT213603

support.apple.com/kb/HT213604

slackware 1

fedora 3

nessus 50

openvas 30

cvelist 1

hackerone 2

ubuntucve 1

ubuntu 1

osv 6

redos 1

cloudfoundry 1

alpinelinux 1

veracode 1

ibm 18

mageia 1

cbl_mariner 2

nvd 1

suse 2

redhatcve 1

debiancve 1

cve 1

almalinux 2

redhat 9

oraclelinux 2

photon 5

amazon 2

debian 1

ics 5

apple 3

gentoo 1

tenable 1

slackware

[slackware-security] curl

2022-09-01 03:09:16

fedora

[SECURITY] Fedora 37 Update: curl-7.85.0-1.fc37

2022-09-14 00:23:17

[SECURITY] Fedora 35 Update: curl-7.79.1-6.fc35

2022-09-19 01:21:12

[SECURITY] Fedora 36 Update: curl-7.82.0-8.fc36

2022-09-06 10:05:29

nessus

EulerOS 2.0 SP8 : curl (EulerOS-SA-2022-2790)

2022-12-08 00:00:00

Siemens SCALANCE XCM332 Improper Validation of Syntactic Correctness of Input (CVE-2022-35252)

2023-05-02 00:00:00

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2023-1186)

2023-01-10 00:00:00

openvas

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1186)

2023-01-12 00:00:00

openSUSE: Security Advisory for curl (SUSE-SU-2022:3004-1)

2022-09-03 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1143)

2023-01-12 00:00:00

cvelist

CVE-2022-35252

2022-09-23 00:00:00

hackerone

curl: CVE-2022-35252: control code in cookie denial of service

2022-06-26 08:46:53

Internet Bug Bounty: CVE-2022-35252: control code in cookie denial of service

2022-08-31 10:55:50

ubuntucve

CVE-2022-35252

2022-08-31 00:00:00

ubuntu

curl vulnerability

2022-09-01 00:00:00

osv

curl vulnerability

2022-09-01 21:04:02

CVE-2022-35252

2022-09-23 14:15:12

control code in cookie denial of service

2022-08-31 08:00:00

redos

ROS-20221007-01

2022-10-07 00:00:00

cloudfoundry

USN-5587-1: curl vulnerability | Cloud Foundry

2022-09-29 00:00:00

alpinelinux

CVE-2022-35252

2022-09-23 14:15:12

veracode

Denial Of Service (DoS)

2022-09-01 05:02:48

ibm

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Input Validation in Curl (CVE-2022-35252)

2023-11-01 20:02:09

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in cURL libcurl (CVE-2022-35252)

2023-07-27 17:27:40

Security Bulletin: Vulnerabilities in cURL libcurl, PostgreSQL, PyPI cryptography, Node.js can affect IBM Spectrum Protect Plus

2023-06-20 16:46:31

mageia

Updated curl packages fix security vulnerability

2022-09-16 22:39:55

cbl_mariner

CVE-2022-35252 affecting package curl for versions less than 7.86.0-1

2022-11-16 02:26:15

CVE-2022-35252 affecting package curl 7.84.0-1

2022-11-24 00:45:35

nvd

CVE-2022-35252

2022-09-23 14:15:12

suse

Security update for curl (low)

2022-09-02 00:00:00

Security update for curl (low)

2022-09-02 00:00:00

redhatcve

CVE-2022-35252

2022-08-31 19:59:52

debiancve

CVE-2022-35252

2022-09-23 14:15:12

cve

CVE-2022-35252

2022-09-23 14:15:12

almalinux

Low: curl security update

2023-05-09 00:00:00

Low: curl security and bug fix update

2023-05-16 00:00:00

redhat

(RHSA-2023:2963) Low: curl security and bug fix update

2023-05-16 05:59:21

(RHSA-2023:2478) Low: curl security update

2023-05-09 05:11:57

(RHSA-2024:0428) Moderate: curl security and bug fix update

2024-01-24 14:40:32

oraclelinux

curl security and bug fix update

2023-05-24 00:00:00

curl security update

2023-05-15 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0240

2022-09-05 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0240

2022-09-05 00:00:00

Critical Photon OS Security Update - PHSA-2022-0512

2022-09-06 00:00:00

amazon

Medium: curl

2022-10-31 19:40:00

Medium: curl

2022-12-01 17:33:00

debian

[SECURITY] [DLA 3288-1] curl security update

2023-01-28 21:19:47

ics

Siemens SINEC NMS Third-Party

2023-05-11 12:00:00

Siemens SCALANCE XCM332

2023-04-13 12:00:00

Siemens SINAMICS Medium Voltage Products

2023-06-15 12:00:00

apple

About the security content of macOS Big Sur 11.7.3

2023-01-23 00:00:00

About the security content of macOS Monterey 12.6.3

2023-01-23 00:00:00

About the security content of macOS Ventura 13.1

2022-12-13 00:00:00

gentoo

curl: Multiple Vulnerabilities

2022-12-19 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.9%

JSON

Related for PRION:CVE-2022-35252