发布时间: 2022年9月9日
修改时间: 2024年10月31日
When curl is used to retrieve and parse cookies from an HTTP(S) server, it accepts cookies using control codes (byte values below 32). When cookies that contain such control codes are later sent back to an HTTP(S) server, it might make the server return a 400 response. Effectively allowing a sister site to deny service to siblings.Reference:https://curl.se/docs/CVE-2022-35252.html
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | None |
| Attack Vector | Network | Network |
| CVSS评分 | 3.7 | 3.1 |
| Attack Complexity | High | High |
| Privileges Required | None | None |
| Scope | Unchanged | Unchanged |
| Integrity | None | None |
| User Interaction | None | Required |
| Availability | Low | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-2023 | curl security update | 2022年9月9日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | curl | Fixed |
| KY3.4-5A | curl | Fixed |
| KY3.5.1 | curl | Fixed |
