VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-z4n7-e83t-hucq

Essentials
Severities (20)
References (21)
Severity details (18)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-z4n7-e83t-hucq
Aliases	CVE-2022-35252
Summary	curl: Incorrect handling of control code characters in cookies
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-1286	Improper Validation of Syntactic Correctness of Input
CWE-20	Improper Input Validation

System	Score	Found at
cvssv3	3.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json
epss	0.00289	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
cvssv3.1	Low	https://curl.se/docs/CVE-2022-35252.html
cvssv3.1	3.7	http://seclists.org/fulldisclosure/2023/Jan/20
ssvc	Track	http://seclists.org/fulldisclosure/2023/Jan/20
cvssv3.1	3.7	http://seclists.org/fulldisclosure/2023/Jan/21
ssvc	Track	http://seclists.org/fulldisclosure/2023/Jan/21
cvssv3.1	3.7	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	3.7	https://hackerone.com/reports/1613943
ssvc	Track	https://hackerone.com/reports/1613943
cvssv3.1	3.7	https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
cvssv3.1	3.7	https://security.gentoo.org/glsa/202212-01
ssvc	Track	https://security.gentoo.org/glsa/202212-01
cvssv3.1	3.7	https://security.netapp.com/advisory/ntap-20220930-0005/
ssvc	Track	https://security.netapp.com/advisory/ntap-20220930-0005/
cvssv3.1	3.7	https://support.apple.com/kb/HT213603
ssvc	Track	https://support.apple.com/kb/HT213603
cvssv3.1	3.7	https://support.apple.com/kb/HT213604
ssvc	Track	https://support.apple.com/kb/HT213604

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-35252
		https://curl.se/docs/CVE-2022-35252.html
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35252
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://hackerone.com/reports/1613943
1018831		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018831
20		http://seclists.org/fulldisclosure/2023/Jan/20
21		http://seclists.org/fulldisclosure/2023/Jan/21
2120718		https://bugzilla.redhat.com/show_bug.cgi?id=2120718
GLSA-202212-01		https://security.gentoo.org/glsa/202212-01
HT213603		https://support.apple.com/kb/HT213603
HT213604		https://support.apple.com/kb/HT213604
msg00028.html		https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
ntap-20220930-0005		https://security.netapp.com/advisory/ntap-20220930-0005/
RHSA-2022:8840		https://access.redhat.com/errata/RHSA-2022:8840
RHSA-2022:8841		https://access.redhat.com/errata/RHSA-2022:8841
RHSA-2023:2478		https://access.redhat.com/errata/RHSA-2023:2478
RHSA-2023:2963		https://access.redhat.com/errata/RHSA-2023:2963
RHSA-2024:0428		https://access.redhat.com/errata/RHSA-2024:0428
USN-5587-1		https://usn.ubuntu.com/5587-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://seclists.org/fulldisclosure/2023/Jan/20

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at http://seclists.org/fulldisclosure/2023/Jan/20

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://seclists.org/fulldisclosure/2023/Jan/21

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at http://seclists.org/fulldisclosure/2023/Jan/21

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://hackerone.com/reports/1613943

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://hackerone.com/reports/1613943

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.gentoo.org/glsa/202212-01

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://security.gentoo.org/glsa/202212-01

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.netapp.com/advisory/ntap-20220930-0005/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://security.netapp.com/advisory/ntap-20220930-0005/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://support.apple.com/kb/HT213603

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://support.apple.com/kb/HT213603

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://support.apple.com/kb/HT213604

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://support.apple.com/kb/HT213604

Exploit Prediction Scoring System (EPSS)

Percentile	0.52523
EPSS Score	0.00289
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T09:11:45.486847+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json	38.6.0