3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
6.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
50.9%
Axel Chong discovered that when curl accepted and sent back
cookies containing control bytes that a HTTP(S) server might
return a 400 (Bad Request Error) response. A malicious cookie
host could possibly use this to cause denial-of-service.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 22.04 | noarch | libcurl3-gnutls | < 7.81.0-1ubuntu1.4 | UNKNOWN |
Ubuntu | 22.04 | noarch | curl | < 7.81.0-1ubuntu1.4 | UNKNOWN |
Ubuntu | 22.04 | noarch | curl-dbgsym | < 7.81.0-1ubuntu1.4 | UNKNOWN |
Ubuntu | 22.04 | noarch | libcurl3-gnutls-dbgsym | < 7.81.0-1ubuntu1.4 | UNKNOWN |
Ubuntu | 22.04 | noarch | libcurl3-nss | < 7.81.0-1ubuntu1.4 | UNKNOWN |
Ubuntu | 22.04 | noarch | libcurl3-nss-dbgsym | < 7.81.0-1ubuntu1.4 | UNKNOWN |
Ubuntu | 22.04 | noarch | libcurl4 | < 7.81.0-1ubuntu1.4 | UNKNOWN |
Ubuntu | 22.04 | noarch | libcurl4-dbgsym | < 7.81.0-1ubuntu1.4 | UNKNOWN |
Ubuntu | 22.04 | noarch | libcurl4-doc | < 7.81.0-1ubuntu1.4 | UNKNOWN |
Ubuntu | 22.04 | noarch | libcurl4-gnutls-dev | < 7.81.0-1ubuntu1.4 | UNKNOWN |
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
6.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
50.9%