ID

VAR-202206-1962


CVE

CVE-2022-32205


TITLE

curl  Vulnerability in resource allocation without restrictions or throttling in

Trust: 0.8

sources: JVNDB: JVNDB-2022-015270

DESCRIPTION

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method. curl Exists in a vulnerability in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-5495-1 June 27, 2022 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in curl. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205) Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206) Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207) Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-diddle attack. (CVE-2022-32208) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.3 libcurl3-gnutls 7.81.0-1ubuntu1.3 libcurl3-nss 7.81.0-1ubuntu1.3 libcurl4 7.81.0-1ubuntu1.3 Ubuntu 21.10: curl 7.74.0-1.3ubuntu2.3 libcurl3-gnutls 7.74.0-1.3ubuntu2.3 libcurl3-nss 7.74.0-1.3ubuntu2.3 libcurl4 7.74.0-1.3ubuntu2.3 Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.12 libcurl3-gnutls 7.68.0-1ubuntu2.12 libcurl3-nss 7.68.0-1ubuntu2.12 libcurl4 7.68.0-1ubuntu2.12 Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.19 libcurl3-gnutls 7.58.0-2ubuntu3.19 libcurl3-nss 7.58.0-2ubuntu3.19 libcurl4 7.58.0-2ubuntu3.19 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5495-1 CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208 Package Information: https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3 https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3 https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12 https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19 . These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack. For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R 1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38 EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA= =3E71 -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Background ========= A command line tool and library for transferring data with URLs. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/curl < 7.86.0 >= 7.86.0 Description ========== Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All curl users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0" References ========= [ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202212-01 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.07

sources: NVD: CVE-2022-32205 // JVNDB: JVNDB-2022-015270 // VULHUB: VHN-424132 // VULMON: CVE-2022-32205 // PACKETSTORM: 167607 // PACKETSTORM: 169318 // PACKETSTORM: 170303

AFFECTED PRODUCTS

vendor:siemensmodel:scalance sc646-2cscope:ltversion:3.0

Trust: 1.0

vendor:netappmodel:h300sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h410sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:solidfirescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance sc636-2cscope:ltversion:3.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:eqversion:9.1.0

Trust: 1.0

vendor:netappmodel:h700sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:element softwarescope:eqversion: -

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:8.2.12

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:siemensmodel:scalance sc642-2cscope:ltversion:3.0

Trust: 1.0

vendor:haxxmodel:curlscope:gteversion:7.71.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:13.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:9.0.6

Trust: 1.0

vendor:haxxmodel:curlscope:ltversion:7.84.0

Trust: 1.0

vendor:siemensmodel:scalance sc622-2cscope:ltversion:3.0

Trust: 1.0

vendor:siemensmodel:scalance sc632-2cscope:ltversion:3.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:9.0.0

Trust: 1.0

vendor:netappmodel:hci management nodescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance sc626-2cscope:ltversion:3.0

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h500sscope:eqversion: -

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:8.2.0

Trust: 1.0

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:netappmodel:hci management nodescope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc-622-2cscope: - version: -

Trust: 0.8

vendor:netappmodel:element softwarescope: - version: -

Trust: 0.8

vendor:netappmodel:h300sscope: - version: -

Trust: 0.8

vendor:netappmodel:solidfirescope: - version: -

Trust: 0.8

vendor:netappmodel:clustered data ontapscope: - version: -

Trust: 0.8

vendor:haxxmodel:curlscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-015270 // NVD: CVE-2022-32205

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32205
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-32205
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202206-2562
value: MEDIUM

Trust: 0.6

VULHUB: VHN-424132
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-32205
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-32205
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-424132
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-32205
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-32205
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-424132 // VULMON: CVE-2022-32205 // JVNDB: JVNDB-2022-015270 // CNNVD: CNNVD-202206-2562 // NVD: CVE-2022-32205

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.1

problemtype:Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-424132 // JVNDB: JVNDB-2022-015270 // NVD: CVE-2022-32205

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 169318 // CNNVD: CNNVD-202206-2562

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202206-2562

PATCH

title:SSA-333517url:https://www.debian.org/security/2022/dsa-5197

Trust: 0.8

title:curl Remediation of resource management error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=198519

Trust: 0.6

title:Ubuntu Security Notice: USN-5495-1: curl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5495-1

Trust: 0.1

title:Red Hat: url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-32205

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2022-32205

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1875url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1875

Trust: 0.1

title:Debian Security Advisories: DSA-5197-1 curl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=d9b734e3e9b6712333c95a6263dead82

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-206url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-206

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-145url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-145

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2022-32205

Trust: 0.1

title: - url:https://github.com/holmes-py/reports-summary

Trust: 0.1

sources: VULMON: CVE-2022-32205 // JVNDB: JVNDB-2022-015270 // CNNVD: CNNVD-202206-2562

EXTERNAL IDS

db:NVDid:CVE-2022-32205

Trust: 3.7

db:HACKERONEid:1569946

Trust: 2.6

db:SIEMENSid:SSA-333517

Trust: 1.8

db:ICS CERTid:ICSA-22-349-18

Trust: 0.9

db:PACKETSTORMid:167607

Trust: 0.8

db:JVNid:JVNVU91561630

Trust: 0.8

db:JVNid:JVNVU99464755

Trust: 0.8

db:JVNid:JVNVU99752892

Trust: 0.8

db:JVNid:JVNVU94715153

Trust: 0.8

db:ICS CERTid:ICSA-23-166-12

Trust: 0.8

db:ICS CERTid:ICSA-23-075-01

Trust: 0.8

db:ICS CERTid:ICSA-23-103-09

Trust: 0.8

db:JVNDBid:JVNDB-2022-015270

Trust: 0.8

db:PACKETSTORMid:169318

Trust: 0.7

db:AUSCERTid:ESB-2022.6333

Trust: 0.6

db:AUSCERTid:ESB-2023.3732

Trust: 0.6

db:AUSCERTid:ESB-2022.3117

Trust: 0.6

db:AUSCERTid:ESB-2023.2163

Trust: 0.6

db:AUSCERTid:ESB-2022.5300

Trust: 0.6

db:AUSCERTid:ESB-2023.3143

Trust: 0.6

db:CS-HELPid:SB2022062927

Trust: 0.6

db:CS-HELPid:SB2022071142

Trust: 0.6

db:CNNVDid:CNNVD-202206-2562

Trust: 0.6

db:VULHUBid:VHN-424132

Trust: 0.1

db:VULMONid:CVE-2022-32205

Trust: 0.1

db:PACKETSTORMid:170303

Trust: 0.1

sources: VULHUB: VHN-424132 // VULMON: CVE-2022-32205 // JVNDB: JVNDB-2022-015270 // PACKETSTORM: 167607 // PACKETSTORM: 169318 // PACKETSTORM: 170303 // CNNVD: CNNVD-202206-2562 // NVD: CVE-2022-32205

REFERENCES

url:https://hackerone.com/reports/1569946

Trust: 2.6

url:https://security.gentoo.org/glsa/202212-01

Trust: 1.9

url:https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20220915-0003/

Trust: 1.8

url:https://support.apple.com/kb/ht213488

Trust: 1.8

url:https://www.debian.org/security/2022/dsa-5197

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/oct/28

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/oct/41

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-32205

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91561630

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99752892

Trust: 0.8

url:https://jvn.jp/vu/jvnvu94715153

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99464755

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-18

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-01

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-09

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-12

Trust: 0.8

url:https://packetstormsecurity.com/files/167607/ubuntu-security-notice-usn-5495-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3143

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.2163

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022071142

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3732

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022062927

Trust: 0.6

url:https://support.apple.com/en-us/ht213488

Trust: 0.6

url:https://packetstormsecurity.com/files/169318/debian-security-advisory-5197-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5300

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-32205/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6333

Trust: 0.6

url:https://vigilance.fr/vulnerability/curl-denial-of-service-via-set-cookie-38670

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3117

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-32207

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-32206

Trust: 0.3

url:https://ubuntu.com/security/notices/usn-5495-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32208

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-27782

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-27775

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-27774

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-27781

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-27776

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22576

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22945

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/770.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2022-32205

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-18

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22924

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/curl

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22922

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27779

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30115

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-35260

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22926

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27780

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-35252

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42916

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42915

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22923

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32221

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

sources: VULHUB: VHN-424132 // VULMON: CVE-2022-32205 // JVNDB: JVNDB-2022-015270 // PACKETSTORM: 167607 // PACKETSTORM: 169318 // PACKETSTORM: 170303 // CNNVD: CNNVD-202206-2562 // NVD: CVE-2022-32205

CREDITS

Ubuntu

Trust: 0.1

sources: PACKETSTORM: 167607

SOURCES

db:VULHUBid:VHN-424132
db:VULMONid:CVE-2022-32205
db:JVNDBid:JVNDB-2022-015270
db:PACKETSTORMid:167607
db:PACKETSTORMid:169318
db:PACKETSTORMid:170303
db:CNNVDid:CNNVD-202206-2562
db:NVDid:CVE-2022-32205

LAST UPDATE DATE

2024-08-14T12:33:12.095000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-424132date:2023-01-05T00:00:00
db:VULMONid:CVE-2022-32205date:2023-01-05T00:00:00
db:JVNDBid:JVNDB-2022-015270date:2023-09-26T06:29:00
db:CNNVDid:CNNVD-202206-2562date:2023-06-30T00:00:00
db:NVDid:CVE-2022-32205date:2024-03-27T15:01:05.383

SOURCES RELEASE DATE

db:VULHUBid:VHN-424132date:2022-07-07T00:00:00
db:VULMONid:CVE-2022-32205date:2022-07-07T00:00:00
db:JVNDBid:JVNDB-2022-015270date:2023-09-26T00:00:00
db:PACKETSTORMid:167607date:2022-06-28T15:26:16
db:PACKETSTORMid:169318date:2022-08-28T19:12:00
db:PACKETSTORMid:170303date:2022-12-19T13:48:31
db:CNNVDid:CNNVD-202206-2562date:2022-06-27T00:00:00
db:NVDid:CVE-2022-32205date:2022-07-07T13:15:08.277