Vulnerability Description
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Haxx | Curl | >= 7.71.0, < 7.84.0 |
| Fedoraproject | Fedora | 35 |
| Debian | Debian Linux | 11.0 |
| Netapp | Clustered Data Ontap | - |
| Netapp | Element Software | - |
| Netapp | Hci Management Node | - |
| Netapp | Solidfire | - |
| Netapp | H300S | - |
| Netapp | H300S Firmware | - |
| Netapp | H500S | - |
| Netapp | H500S Firmware | - |
| Netapp | H700S | - |
| Netapp | H700S Firmware | - |
| Netapp | H410S | - |
| Netapp | H410S Firmware | - |
| Apple | Macos | < 13.0 |
| Siemens | Scalance Sc622-2C Firmware | < 3.0 |
| Siemens | Scalance Sc622-2C | - |
| Siemens | Scalance Sc626-2C Firmware | < 3.0 |
| Siemens | Scalance Sc626-2C | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2022/Oct/28Mailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2022/Oct/41Mailing ListThird Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdfPatchThird Party Advisory
- https://hackerone.com/reports/1569946ExploitThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/202212-01Third Party Advisory
- https://security.netapp.com/advisory/ntap-20220915-0003/Third Party Advisory
- https://support.apple.com/kb/HT213488Third Party Advisory
- https://www.debian.org/security/2022/dsa-5197Third Party Advisory
- http://seclists.org/fulldisclosure/2022/Oct/28Mailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2022/Oct/41Mailing ListThird Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdfPatchThird Party Advisory
- https://hackerone.com/reports/1569946ExploitThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/202212-01Third Party Advisory
FAQ
What is CVE-2022-32205?
CVE-2022-32205 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HT...
How severe is CVE-2022-32205?
CVE-2022-32205 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-32205?
Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl, Fedoraproject Fedora, Debian Debian Linux, Netapp Clustered Data Ontap, Netapp Element Software.