Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-2xmp-jc8v-bucb
Vulnerability ID VCID-2xmp-jc8v-bucb
Aliases CVE-2022-35252
Summary Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 3.3
Risk 1.6
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-1286 Improper Validation of Syntactic Correctness of Input
CWE-20 Improper Input Validation
System Score Found at
cvssv3 3.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json
epss 0.00212 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00212 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00212 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00212 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
cvssv3.1 Low https://curl.se/docs/CVE-2022-35252.html
cvssv3.1 3.7 http://seclists.org/fulldisclosure/2023/Jan/20
ssvc Track http://seclists.org/fulldisclosure/2023/Jan/20
cvssv3.1 3.7 http://seclists.org/fulldisclosure/2023/Jan/21
ssvc Track http://seclists.org/fulldisclosure/2023/Jan/21
cvssv3.1 3.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 3.7 https://hackerone.com/reports/1613943
ssvc Track https://hackerone.com/reports/1613943
cvssv3.1 3.7 https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
cvssv3.1 3.7 https://security.gentoo.org/glsa/202212-01
ssvc Track https://security.gentoo.org/glsa/202212-01
cvssv3.1 3.7 https://security.netapp.com/advisory/ntap-20220930-0005/
ssvc Track https://security.netapp.com/advisory/ntap-20220930-0005/
cvssv3.1 3.7 https://support.apple.com/kb/HT213603
ssvc Track https://support.apple.com/kb/HT213603
cvssv3.1 3.7 https://support.apple.com/kb/HT213604
ssvc Track https://support.apple.com/kb/HT213604
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json
https://api.first.org/data/v1/epss?cve=CVE-2022-35252
https://curl.se/docs/CVE-2022-35252.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35252
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/1613943
1018831 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018831
20 http://seclists.org/fulldisclosure/2023/Jan/20
21 http://seclists.org/fulldisclosure/2023/Jan/21
2120718 https://bugzilla.redhat.com/show_bug.cgi?id=2120718
GLSA-202212-01 https://security.gentoo.org/glsa/202212-01
HT213603 https://support.apple.com/kb/HT213603
HT213604 https://support.apple.com/kb/HT213604
msg00028.html https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
ntap-20220930-0005 https://security.netapp.com/advisory/ntap-20220930-0005/
RHSA-2022:8840 https://access.redhat.com/errata/RHSA-2022:8840
RHSA-2022:8841 https://access.redhat.com/errata/RHSA-2022:8841
RHSA-2023:2478 https://access.redhat.com/errata/RHSA-2023:2478
RHSA-2023:2963 https://access.redhat.com/errata/RHSA-2023:2963
RHSA-2024:0428 https://access.redhat.com/errata/RHSA-2024:0428
USN-5587-1 https://usn.ubuntu.com/5587-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://seclists.org/fulldisclosure/2023/Jan/20
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at http://seclists.org/fulldisclosure/2023/Jan/20
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://seclists.org/fulldisclosure/2023/Jan/21
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at http://seclists.org/fulldisclosure/2023/Jan/21
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://hackerone.com/reports/1613943
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://hackerone.com/reports/1613943
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.gentoo.org/glsa/202212-01
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://security.gentoo.org/glsa/202212-01
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.netapp.com/advisory/ntap-20220930-0005/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://security.netapp.com/advisory/ntap-20220930-0005/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://support.apple.com/kb/HT213603
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://support.apple.com/kb/HT213603
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://support.apple.com/kb/HT213604
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://support.apple.com/kb/HT213604
Exploit Prediction Scoring System (EPSS)
Percentile 0.43779
EPSS Score 0.00212
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:03:24.173430+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202212-01 38.0.0