USN-5587-1: curl vulnerability

1 September 2022

curl could be denied access to HTTP(S) content if it received a specially crafted cookie.

Releases

Packages

  • curl - HTTP, HTTPS, and FTP client and client libraries

Details

Axel Chong discovered that when curl accepted and sent back
cookies containing control bytes, an HTTP(S) server might
return a 400 (Bad Request Error) response. A malicious cookie
host could possibly use this to cause denial-of-service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04
Ubuntu 14.04

In general, a standard system update will make all the necessary changes.

References