6.5

CVE-2022-32206

Exploit
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HaxxCurl Version < 7.84.0
FedoraprojectFedora Version35
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
NetappElement Software Version-
NetappSolidfire Version-
NetappBootstrap Os Version-
   NetappHci Compute Node Version-
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH410s Firmware Version-
   NetappH410s Version-
SiemensScalance Sc622-2c Firmware Version < 3.0
   SiemensScalance Sc622-2c Version-
SiemensScalance Sc626-2c Firmware Version < 3.0
   SiemensScalance Sc626-2c Version-
SiemensScalance Sc632-2c Firmware Version < 3.0
   SiemensScalance Sc632-2c Version-
SiemensScalance Sc636-2c Firmware Version < 3.0
   SiemensScalance Sc636-2c Version-
SiemensScalance Sc642-2c Firmware Version < 3.0
   SiemensScalance Sc642-2c Version-
SiemensScalance Sc646-2c Firmware Version < 3.0
   SiemensScalance Sc646-2c Version-
SplunkUniversal Forwarder Version >= 8.2.0 < 8.2.12
SplunkUniversal Forwarder Version >= 9.0.0 < 9.0.6
SplunkUniversal Forwarder Version9.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 31.97% 0.981
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2022/dsa-5197
Third Party Advisory
https://security.gentoo.org/glsa/202212-01
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/28
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/Oct/41
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT213488
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20220915-0003/
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/02/15/3
Third Party Advisory
Mailing List
https://hackerone.com/reports/1570651
Third Party Advisory
Exploit