Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-35260

Published: 05/12/2022 Updated: 27/03/2024
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Haxx

Vulnerability Summary

It exists that curl incorrectly handled certain HTTP proxy return codes. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42915)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

haxx curl

netapp clustered data ontap -

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h410s_firmware -

apple macos

splunk universal forwarder 9.1.0

splunk universal forwarder

Vendor Advisories

Ubuntu Security Notice: USN-5702-1: curl vulnerabilities
Several security issues were fixed in curl ...
Amazon Linux 2: ALAS2-2022-1882
A vulnerability was found in curl The issue occurs when doing HTTP(S) transfers, where curl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set if it previously used the same handle to issue a `PUT` request which used that callback This flaw may surprise ...
Red Hat:
Description<!---->A vulnerability was found in curl The issue occurs when curl is told to parse a `netrc` file for credentials If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, it can write a zero byte beyond its boundary This issue ...
Amazon Linux 2022: ALAS-2022-246
ALAS-2022-246 Amazon Linux 2022 Security Advisory: ALAS-2022-246 Advisory Release Date: 2022-12-06 16:44 Pacific ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-787https://hackerone.com/reports/1721098https://security.gentoo.org/glsa/202212-01https://security.netapp.com/advisory/ntap-20230110-0006/https://support.apple.com/kb/HT213604https://support.apple.com/kb/HT213605http://seclists.org/fulldisclosure/2023/Jan/20http://seclists.org/fulldisclosure/2023/Jan/19https://ubuntu.com/security/notices/USN-5702-1https://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook