CVE-2022-32206
curl: HTTP compression denial of service
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
curl versiones anteriores a 7.84.0, soporta algoritmos de compresión HTTP "encadenados", lo que significa que una respuesta al servidor puede ser comprimida múltiples veces y potencialmente con diferentes algoritmos. El número de "eslabones" aceptables en esta "cadena de descompresión" era ilimitado, lo que permitía a un servidor malicioso insertar un número prácticamente ilimitado de pasos de compresión. El uso de una cadena de descompresión de este tipo podía resultar en una "bomba de malloc", haciendo que curl acabara gastando enormes cantidades de memoria de montón asignada, o intentando y devolviendo errores de memoria
A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. This flaw leads to a denial of service, either by mistake or by a malicious actor.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-06-01 CVE Reserved
- 2022-06-28 CVE Published
- 2024-04-21 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2022/Oct/28 | Mailing List |
|
| http://seclists.org/fulldisclosure/2022/Oct/41 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2023/02/15/3 | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20220915-0003 | Third Party Advisory |
|
| https://support.apple.com/kb/HT213488 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://hackerone.com/reports/1570651 | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf | 2024-03-27 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | Bootstrap Os Search vendor "Netapp" for product "Bootstrap Os" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Hci Compute Node Search vendor "Netapp" for product "Hci Compute Node" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H300s Firmware Search vendor "Netapp" for product "H300s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H300s Search vendor "Netapp" for product "H300s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H500s Firmware Search vendor "Netapp" for product "H500s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H500s Search vendor "Netapp" for product "H500s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H700s Firmware Search vendor "Netapp" for product "H700s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H700s Search vendor "Netapp" for product "H700s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H410s Firmware Search vendor "Netapp" for product "H410s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H410s Search vendor "Netapp" for product "H410s" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Scalance Sc622-2c Firmware Search vendor "Siemens" for product "Scalance Sc622-2c Firmware" | < 3.0 Search vendor "Siemens" for product "Scalance Sc622-2c Firmware" and version " < 3.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance Sc622-2c Search vendor "Siemens" for product "Scalance Sc622-2c" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Scalance Sc626-2c Firmware Search vendor "Siemens" for product "Scalance Sc626-2c Firmware" | < 3.0 Search vendor "Siemens" for product "Scalance Sc626-2c Firmware" and version " < 3.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance Sc626-2c Search vendor "Siemens" for product "Scalance Sc626-2c" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Scalance Sc632-2c Firmware Search vendor "Siemens" for product "Scalance Sc632-2c Firmware" | < 3.0 Search vendor "Siemens" for product "Scalance Sc632-2c Firmware" and version " < 3.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance Sc632-2c Search vendor "Siemens" for product "Scalance Sc632-2c" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Scalance Sc636-2c Firmware Search vendor "Siemens" for product "Scalance Sc636-2c Firmware" | < 3.0 Search vendor "Siemens" for product "Scalance Sc636-2c Firmware" and version " < 3.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance Sc636-2c Search vendor "Siemens" for product "Scalance Sc636-2c" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Scalance Sc642-2c Firmware Search vendor "Siemens" for product "Scalance Sc642-2c Firmware" | < 3.0 Search vendor "Siemens" for product "Scalance Sc642-2c Firmware" and version " < 3.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance Sc642-2c Search vendor "Siemens" for product "Scalance Sc642-2c" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Scalance Sc646-2c Firmware Search vendor "Siemens" for product "Scalance Sc646-2c Firmware" | < 3.0 Search vendor "Siemens" for product "Scalance Sc646-2c Firmware" and version " < 3.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance Sc646-2c Search vendor "Siemens" for product "Scalance Sc646-2c" | - | - |
Safe
|
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | < 7.84.0 Search vendor "Haxx" for product "Curl" and version " < 7.84.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Element Software Search vendor "Netapp" for product "Element Software" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Management Node Search vendor "Netapp" for product "Hci Management Node" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire Search vendor "Netapp" for product "Solidfire" | - | - |
Affected
| ||||||
| Splunk Search vendor "Splunk" | Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder" | >= 8.2.0 < 8.2.12 Search vendor "Splunk" for product "Universal Forwarder" and version " >= 8.2.0 < 8.2.12" | - |
Affected
| ||||||
| Splunk Search vendor "Splunk" | Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder" | >= 9.0.0 < 9.0.6 Search vendor "Splunk" for product "Universal Forwarder" and version " >= 9.0.0 < 9.0.6" | - |
Affected
| ||||||
| Splunk Search vendor "Splunk" | Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder" | 9.1.0 Search vendor "Splunk" for product "Universal Forwarder" and version "9.1.0" | - |
Affected
| ||||||