CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-42916 – curl: HSTS bypass via IDN
https://notcve.org/view.php?id=CVE-2022-42916
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26. En curl anterior a 7.86.0, se podía omitir la verificación HSTS para engañarlo y que se quedara con HTTP. • http://seclists.org/fulldisclosure/2023/Jan/19 http://seclists.org/fulldisclosure/2023/Jan/20 http://www.openwall.com/lists/oss-security/2022/12/21/1 https://curl.se/docs/CVE-2022-42916.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorap • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 3.7EPSS: 0%CPEs: 21EXPL: 1CVE-2022-35252 – curl: Incorrect handling of control code characters in cookies
https://notcve.org/view.php?id=CVE-2022-35252
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. Cuando curl es usado para recuperar y analizar las cookies de un servidor HTTP(S), acepta las cookies usando códigos de control que cuando son enviados de vuelta a un servidor HTTP podrían hacer que el servidor devolviera respuestas 400. En efecto, permite que un "sitio hermano" deniegue el servicio a todos los hermanos. A vulnerability found in curl. • http://seclists.org/fulldisclosure/2023/Jan/20 http://seclists.org/fulldisclosure/2023/Jan/21 https://hackerone.com/reports/1613943 https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220930-0005 https://support.apple.com/kb/HT213603 https://support.apple.com/kb/HT213604 https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=212071 • CWE-20: Improper Input Validation CWE-1286: Improper Validation of Syntactic Correctness of Input •