var-202206-1962
Vulnerability from variot
A malicious server can serve excessive amounts of Set-Cookie:
headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on foo.example.com
can set cookies that also would match for bar.example.com
, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method. curl Exists in a vulnerability in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. ==========================================================================
Ubuntu Security Notice USN-5495-1
June 27, 2022
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206)
Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-diddle attack. (CVE-2022-32208)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.3 libcurl3-gnutls 7.81.0-1ubuntu1.3 libcurl3-nss 7.81.0-1ubuntu1.3 libcurl4 7.81.0-1ubuntu1.3
Ubuntu 21.10: curl 7.74.0-1.3ubuntu2.3 libcurl3-gnutls 7.74.0-1.3ubuntu2.3 libcurl3-nss 7.74.0-1.3ubuntu2.3 libcurl4 7.74.0-1.3ubuntu2.3
Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.12 libcurl3-gnutls 7.68.0-1ubuntu2.12 libcurl3-nss 7.68.0-1ubuntu2.12 libcurl4 7.68.0-1ubuntu2.12
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.19 libcurl3-gnutls 7.58.0-2ubuntu3.19 libcurl3-nss 7.58.0-2ubuntu3.19 libcurl4 7.58.0-2ubuntu3.19
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5495-1 CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208
Package Information: https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3 https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3 https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12 https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19 . These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.
For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R 1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38 EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA= =3E71 -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-01
https://security.gentoo.org/
Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01
Synopsis
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.
Background
A command line tool and library for transferring data with URLs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.86.0 >= 7.86.0
Description
Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All curl users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"
References
[ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202212-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202206-1962", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "universal forwarder", "scope": "eq", "trust": 1.0, "vendor": "splunk", "version": "9.1.0" }, { "model": "clustered data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "macos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "solidfire", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "universal forwarder", "scope": "gte", "trust": 1.0, "vendor": "splunk", "version": "8.2.0" }, { "model": "universal forwarder", "scope": "gte", "trust": 1.0, "vendor": "splunk", "version": "9.0.0" }, { "model": "scalance sc632-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "curl", "scope": "gte", "trust": 1.0, "vendor": "haxx", "version": "7.71.0" }, { "model": "universal forwarder", "scope": "lt", "trust": 1.0, "vendor": "splunk", "version": "9.0.6" }, { "model": "scalance sc636-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "h300s", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "scalance sc622-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "h410s", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "hci management node", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "curl", "scope": "lt", "trust": 1.0, "vendor": "haxx", "version": "7.84.0" }, { "model": "scalance sc646-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "element software", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "scalance sc642-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "h500s", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "universal forwarder", "scope": "lt", "trust": 1.0, "vendor": "splunk", "version": "8.2.12" }, { "model": "h700s", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "scalance sc626-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "hci management node", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "scalance sc-622-2c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "element software", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "h300s", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "solidfire", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "clustered data ontap", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "curl", "scope": null, "trust": 0.8, "vendor": "haxx", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "macos", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015270" }, { "db": "NVD", "id": "CVE-2022-32205" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.84.0", "versionStartIncluding": "7.71.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.2.12", "versionStartIncluding": "8.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-32205" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ubuntu", "sources": [ { "db": "PACKETSTORM", "id": "167607" } ], "trust": 0.1 }, "cve": "CVE-2022-32205", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-32205", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-424132", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 4.3, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-32205", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-32205", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202206-2562", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-424132", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2022-32205", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-424132" }, { "db": "VULMON", "id": "CVE-2022-32205" }, { "db": "JVNDB", "id": "JVNDB-2022-015270" }, { "db": "CNNVD", "id": "CNNVD-202206-2562" }, { "db": "NVD", "id": "CVE-2022-32205" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven\u0027t expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method. curl Exists in a vulnerability in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-5495-1\nJune 27, 2022\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nHarry Sintonen discovered that curl incorrectly handled certain cookies. \nAn attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)\n\nHarry Sintonen discovered that curl incorrectly handled certain HTTP compressions. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-32206)\n\nHarry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)\n\nHarry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. \nAn attacker could possibly use this to perform a machine-in-the-diddle attack. \n(CVE-2022-32208)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n curl 7.81.0-1ubuntu1.3\n libcurl3-gnutls 7.81.0-1ubuntu1.3\n libcurl3-nss 7.81.0-1ubuntu1.3\n libcurl4 7.81.0-1ubuntu1.3\n\nUbuntu 21.10:\n curl 7.74.0-1.3ubuntu2.3\n libcurl3-gnutls 7.74.0-1.3ubuntu2.3\n libcurl3-nss 7.74.0-1.3ubuntu2.3\n libcurl4 7.74.0-1.3ubuntu2.3\n\nUbuntu 20.04 LTS:\n curl 7.68.0-1ubuntu2.12\n libcurl3-gnutls 7.68.0-1ubuntu2.12\n libcurl3-nss 7.68.0-1ubuntu2.12\n libcurl4 7.68.0-1ubuntu2.12\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.19\n libcurl3-gnutls 7.58.0-2ubuntu3.19\n libcurl3-nss 7.58.0-2ubuntu3.19\n libcurl4 7.58.0-2ubuntu3.19\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5495-1\n CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3\n https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3\n https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12\n https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19\n. These flaws may allow remote attackers to obtain sensitive\ninformation, leak authentication or cookie header data or facilitate a\ndenial of service attack. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K\ni8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD\nwaofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp\nrXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz\nUao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE\nyIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab\nSPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF\nREStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R\n1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt\nTV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38\nEPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA=\n=3E71\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: curl: Multiple Vulnerabilities\n Date: December 19, 2022\n Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.86.0 \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2022-32205" }, { "db": "JVNDB", "id": "JVNDB-2022-015270" }, { "db": "VULHUB", "id": "VHN-424132" }, { "db": "VULMON", "id": "CVE-2022-32205" }, { "db": "PACKETSTORM", "id": "167607" }, { "db": "PACKETSTORM", "id": "169318" }, { "db": "PACKETSTORM", "id": "170303" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-32205", "trust": 3.7 }, { "db": "HACKERONE", "id": "1569946", "trust": 2.6 }, { "db": "SIEMENS", "id": "SSA-333517", "trust": 1.8 }, { "db": "ICS CERT", "id": "ICSA-22-349-18", "trust": 0.9 }, { "db": "PACKETSTORM", "id": "167607", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU99464755", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU99752892", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94715153", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-166-12", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-075-01", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-103-09", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-015270", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "169318", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.6333", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.3732", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3117", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.2163", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.5300", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.3143", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022062927", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022071142", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202206-2562", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-424132", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-32205", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170303", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-424132" }, { "db": "VULMON", "id": "CVE-2022-32205" }, { "db": "JVNDB", "id": "JVNDB-2022-015270" }, { "db": "PACKETSTORM", "id": "167607" }, { "db": "PACKETSTORM", "id": "169318" }, { "db": "PACKETSTORM", "id": "170303" }, { "db": "CNNVD", "id": "CNNVD-202206-2562" }, { "db": "NVD", "id": "CVE-2022-32205" } ] }, "id": "VAR-202206-1962", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-424132" } ], "trust": 0.6383838399999999 }, "last_update_date": "2024-03-27T21:37:32.967000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-333517", "trust": 0.8, "url": "https://www.debian.org/security/2022/dsa-5197" }, { "title": "curl Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=198519" }, { "title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5495-1" }, { "title": "Red Hat: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2022-32205" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2022-32205" }, { "title": "Amazon Linux 2: ALAS2-2022-1875", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2022-1875" }, { "title": "Debian Security Advisories: DSA-5197-1 curl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d9b734e3e9b6712333c95a6263dead82" }, { "title": "Amazon Linux 2022: ALAS2022-2022-206", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-206" }, { "title": "Amazon Linux 2022: ALAS2022-2022-145", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-145" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2022-32205 " }, { "title": "", "trust": 0.1, "url": "https://github.com/holmes-py/reports-summary " } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-32205" }, { "db": "JVNDB", "id": "JVNDB-2022-015270" }, { "db": "CNNVD", "id": "CNNVD-202206-2562" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-770", "trust": 1.1 }, { "problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-424132" }, { "db": "JVNDB", "id": "JVNDB-2022-015270" }, { "db": "NVD", "id": "CVE-2022-32205" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://hackerone.com/reports/1569946" }, { "trust": 1.9, "url": "https://security.gentoo.org/glsa/202212-01" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht213488" }, { "trust": 1.8, "url": "https://www.debian.org/security/2022/dsa-5197" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2022/oct/28" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2022/oct/41" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu99752892" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu94715153" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu99464755" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-18" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-01" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-09" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-12" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/167607/ubuntu-security-notice-usn-5495-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.3143" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.2163" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071142" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.3732" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022062927" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht213488" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/169318/debian-security-advisory-5197-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5300" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-32205/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.6333" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/curl-denial-of-service-via-set-cookie-38670" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3117" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206" }, { "trust": 0.2, "url": "https://ubuntu.com/security/notices/usn-5495-1" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/770.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2022-32205" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-18" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/curl" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" } ], "sources": [ { "db": "VULHUB", "id": "VHN-424132" }, { "db": "VULMON", "id": "CVE-2022-32205" }, { "db": "JVNDB", "id": "JVNDB-2022-015270" }, { "db": "PACKETSTORM", "id": "167607" }, { "db": "PACKETSTORM", "id": "169318" }, { "db": "PACKETSTORM", "id": "170303" }, { "db": "CNNVD", "id": "CNNVD-202206-2562" }, { "db": "NVD", "id": "CVE-2022-32205" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-424132" }, { "db": "VULMON", "id": "CVE-2022-32205" }, { "db": "JVNDB", "id": "JVNDB-2022-015270" }, { "db": "PACKETSTORM", "id": "167607" }, { "db": "PACKETSTORM", "id": "169318" }, { "db": "PACKETSTORM", "id": "170303" }, { "db": "CNNVD", "id": "CNNVD-202206-2562" }, { "db": "NVD", "id": "CVE-2022-32205" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-07T00:00:00", "db": "VULHUB", "id": "VHN-424132" }, { "date": "2022-07-07T00:00:00", "db": "VULMON", "id": "CVE-2022-32205" }, { "date": "2023-09-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-015270" }, { "date": "2022-06-28T15:26:16", "db": "PACKETSTORM", "id": "167607" }, { "date": "2022-08-28T19:12:00", "db": "PACKETSTORM", "id": "169318" }, { "date": "2022-12-19T13:48:31", "db": "PACKETSTORM", "id": "170303" }, { "date": "2022-06-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2562" }, { "date": "2022-07-07T13:15:08.277000", "db": "NVD", "id": "CVE-2022-32205" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-05T00:00:00", "db": "VULHUB", "id": "VHN-424132" }, { "date": "2023-01-05T00:00:00", "db": "VULMON", "id": "CVE-2022-32205" }, { "date": "2023-09-26T06:29:00", "db": "JVNDB", "id": "JVNDB-2022-015270" }, { "date": "2023-06-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202206-2562" }, { "date": "2024-03-27T15:01:05.383000", "db": "NVD", "id": "CVE-2022-32205" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "169318" }, { "db": "CNNVD", "id": "CNNVD-202206-2562" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "curl\u00a0 Vulnerability in resource allocation without restrictions or throttling in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015270" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202206-2562" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.