CVE-2022-35252 – curl: Incorrect handling of control code characters in cookies
https://notcve.org/view.php?id=CVE-2022-35252
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. Cuando curl es usado para recuperar y analizar las cookies de un servidor HTTP(S), acepta las cookies usando códigos de control que cuando son enviados de vuelta a un servidor HTTP podrían hacer que el servidor devolviera respuestas 400. En efecto, permite que un "sitio hermano" deniegue el servicio a todos los hermanos. A vulnerability found in curl. • http://seclists.org/fulldisclosure/2023/Jan/20 http://seclists.org/fulldisclosure/2023/Jan/21 https://hackerone.com/reports/1613943 https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220930-0005 https://support.apple.com/kb/HT213603 https://support.apple.com/kb/HT213604 https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=212071 • CWE-20: Improper Input Validation CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVE-2022-32208 – curl: FTP-KRB bad message verification
https://notcve.org/view.php?id=CVE-2022-32208
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. Cuando curl versiones anteriores a 7.84.0, hace transferencias FTP aseguradas por krb5, maneja inapropiadamente los fallos de verificación de mensajes. Este fallo hace posible que un ataque de tipo Man-In-The-Middle pase desapercibido e incluso permite inyectar datos al cliente A vulnerability was found in curl. This issue occurs because it mishandles message verification failures when curl does FTP transfers secured by krb5. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://hackerone.com/reports/1590071 https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220915-0003 https://support.apple.com/kb/HT213488 https://www.debian.org/security/2022/ • CWE-787: Out-of-bounds Write CWE-840: Business Logic Errors CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVE-2022-32206 – curl: HTTP compression denial of service
https://notcve.org/view.php?id=CVE-2022-32206
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. curl versiones anteriores a 7.84.0, soporta algoritmos de compresión HTTP "encadenados", lo que significa que una respuesta al servidor puede ser comprimida múltiples veces y potencialmente con diferentes algoritmos. El número de "eslabones" aceptables en esta "cadena de descompresión" era ilimitado, lo que permitía a un servidor malicioso insertar un número prácticamente ilimitado de pasos de compresión. El uso de una cadena de descompresión de este tipo podía resultar en una "bomba de malloc", haciendo que curl acabara gastando enormes cantidades de memoria de montón asignada, o intentando y devolviendo errores de memoria A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 http://www.openwall.com/lists/oss-security/2023/02/15/3 https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf https://hackerone.com/reports/1570651 https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY https://security.gentoo.org/glsa/202212-01 https:/ • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-27774 – curl: credential leak on redirect
https://notcve.org/view.php?id=CVE-2022-27774
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. Una vulnerabilidad de credenciales insuficientemente protegidas se presenta en curl versión 4.9 a e incluyen curl versión 7.82.0 están afectados que podría permitir a un atacante para extraer credenciales cuando sigue redireccionamientos HTTP(S) es usado con la autenticación podría filtrar credenciales a otros servicios que se presentan en diferentes protocolos o números de puerto A vulnerability was found in curl. This security flaw allows leaking credentials to other servers when it follows redirects from auth-protected HTTP(S) URLs to other protocols and port numbers. • https://hackerone.com/reports/1543773 https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0008 https://www.debian.org/security/2022/dsa-5197 https://access.redhat.com/security/cve/CVE-2022-27774 https://bugzilla.redhat.com/show_bug.cgi?id=2077547 • CWE-522: Insufficiently Protected Credentials •
CVE-2022-27776 – curl: auth/cookie leak on redirect
https://notcve.org/view.php?id=CVE-2022-27776
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Una vulnerabilidad de credenciales insuficientemente protegidas fijada en curl versión 7.83.0, podría filtrar datos de autenticación o de encabezados de cookies en redireccionamientos HTTP al mismo host pero con otro número de puerto A vulnerability was found in curl. This security flaw allows leak authentication or cookie header data on HTTP redirects to the same host but another port number. Sending the same set of headers to a server on a different port number is a problem for applications that pass on custom `Authorization:` or `Cookie:`headers. Those headers often contain privacy-sensitive information or data. • https://hackerone.com/reports/1547048 https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0008 https://www.debian.org/security/2022/dsa-5197 https://access.redh • CWE-522: Insufficiently Protected Credentials •