Your submission was sent successfully! Close

CVE-2022-35252

Published: 31 August 2022

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

Priority

Low

CVSS 3 base score: 3.7

Status

Package Release Status
curl
Launchpad, Ubuntu, Debian
bionic
Released (7.58.0-2ubuntu3.20)
focal
Released (7.68.0-1ubuntu2.13)
jammy
Released (7.81.0-1ubuntu1.4)
trusty
Released (7.35.0-1ubuntu2.20+esm12)
upstream
Released (7.85.0)
xenial
Released (7.47.0-1ubuntu2.19+esm5)