CVE-2022-32205 (CNNVD-202206-2562)
中文标题:
curl 资源管理错误漏洞
英文标题:
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl a...
漏洞描述
中文描述:
curl是一款用于从服务器传输数据或向服务器传输数据的工具。 curl 7.71.0版本到7.83.1版本存在资源管理错误漏洞,该漏洞源于curl对于生成的HTTP请求中Set-Cookie大小缺少限制。攻击者利用该漏洞可以实现拒绝服务攻击。
英文描述:
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| haxx | curl | * | - | - |
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
|
| fedoraproject | fedora | 35 | - | - |
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
|
| debian | debian_linux | 11.0 | - | - |
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
|
| netapp | clustered_data_ontap | - | - | - |
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
|
| netapp | element_software | - | - | - |
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
|
| netapp | hci_management_node | - | - | - |
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
|
| netapp | solidfire | - | - | - |
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
|
| netapp | h300s_firmware | - | - | - |
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
|
| netapp | h500s_firmware | - | - | - |
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
|
| netapp | h700s_firmware | - | - | - |
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
|
| netapp | h410s_firmware | - | - | - |
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
|
| apple | macos | * | - | - |
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
|
| siemens | scalance_sc622-2c_firmware | * | - | - |
cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*
|
| siemens | scalance_sc626-2c_firmware | * | - | - |
cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*
|
| siemens | scalance_sc632-2c_firmware | * | - | - |
cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*
|
| siemens | scalance_sc636-2c_firmware | * | - | - |
cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*
|
| siemens | scalance_sc642-2c_firmware | * | - | - |
cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*
|
| siemens | scalance_sc646-2c_firmware | * | - | - |
cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*
|
| splunk | universal_forwarder | * | - | - |
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
|
| splunk | universal_forwarder | 9.1.0 | - | - |
cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
CVSS评分详情
3.1 (adp)
MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2022-32205 |
2025-11-11 15:21:27 | 2025-11-11 07:37:33 |
| NVD | nvd_CVE-2022-32205 |
2025-11-11 14:58:20 | 2025-11-11 07:45:47 |
| CNNVD | cnnvd_CNNVD-202206-2562 |
2025-11-11 15:10:55 | 2025-11-11 07:57:21 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 资源管理错误
- cnnvd_id: 未提取 -> CNNVD-202206-2562
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 0 -> 20
- data_sources: ['cve'] -> ['cve', 'nvd']