VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-z2kk-kdaa-ckbh

Essentials
Severities (48)
References (31)
Severity details (19)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-z2kk-kdaa-ckbh
Aliases	CVE-2022-35252
Summary	When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
Status	Published
Exploitability	0.5
Weighted Severity	3.3
Risk	1.6
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-1286	Improper Validation of Syntactic Correctness of Input
CWE-20	Improper Input Validation

System	Score	Found at
cvssv3	3.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
cvssv3.1	Low	https://curl.se/docs/CVE-2022-35252.html
cvssv3.1	3.7	http://seclists.org/fulldisclosure/2023/Jan/20
ssvc	Track	http://seclists.org/fulldisclosure/2023/Jan/20
cvssv3.1	3.7	http://seclists.org/fulldisclosure/2023/Jan/21
ssvc	Track	http://seclists.org/fulldisclosure/2023/Jan/21
cvssv3.1	3.7	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	3.7	https://hackerone.com/reports/1613943
ssvc	Track	https://hackerone.com/reports/1613943
cvssv3.1	3.7	https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
cvssv3.1	3.7	https://nvd.nist.gov/vuln/detail/CVE-2022-35252
cvssv3.1	3.7	https://security.gentoo.org/glsa/202212-01
ssvc	Track	https://security.gentoo.org/glsa/202212-01
cvssv3.1	3.7	https://security.netapp.com/advisory/ntap-20220930-0005/
ssvc	Track	https://security.netapp.com/advisory/ntap-20220930-0005/
cvssv3.1	3.7	https://support.apple.com/kb/HT213603
ssvc	Track	https://support.apple.com/kb/HT213603
cvssv3.1	3.7	https://support.apple.com/kb/HT213604
ssvc	Track	https://support.apple.com/kb/HT213604

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-35252
		https://curl.se/docs/CVE-2022-35252.html
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35252
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://hackerone.com/reports/1613943
1018831		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018831
20		http://seclists.org/fulldisclosure/2023/Jan/20
202212-01		https://security.gentoo.org/glsa/202212-01
21		http://seclists.org/fulldisclosure/2023/Jan/21
2120718		https://bugzilla.redhat.com/show_bug.cgi?id=2120718
cpe:2.3:a:haxx:curl::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl::::::::
cpe:2.3:a:netapp:clustered_data_ontap:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:clustered_data_ontap:-:::::::*
cpe:2.3:a:netapp:element_software:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:::::::*
cpe:2.3:a:netapp:hci_management_node:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:::::::*
cpe:2.3:a:netapp:solidfire:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:::::::*
cpe:2.3:a:splunk:universal_forwarder::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:splunk:universal_forwarder::::::::
cpe:2.3:a:splunk:universal_forwarder:9.1.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:splunk:universal_forwarder:9.1.0:::::::*
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
CVE-2022-35252		https://nvd.nist.gov/vuln/detail/CVE-2022-35252
HT213603		https://support.apple.com/kb/HT213603
HT213604		https://support.apple.com/kb/HT213604
msg00028.html		https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
ntap-20220930-0005		https://security.netapp.com/advisory/ntap-20220930-0005/
RHSA-2022:8840		https://access.redhat.com/errata/RHSA-2022:8840
RHSA-2022:8841		https://access.redhat.com/errata/RHSA-2022:8841
RHSA-2023:2478		https://access.redhat.com/errata/RHSA-2023:2478
RHSA-2023:2963		https://access.redhat.com/errata/RHSA-2023:2963
RHSA-2024:0428		https://access.redhat.com/errata/RHSA-2024:0428
USN-5587-1		https://usn.ubuntu.com/5587-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://seclists.org/fulldisclosure/2023/Jan/20

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at http://seclists.org/fulldisclosure/2023/Jan/20

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://seclists.org/fulldisclosure/2023/Jan/21

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at http://seclists.org/fulldisclosure/2023/Jan/21

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://hackerone.com/reports/1613943

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://hackerone.com/reports/1613943

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2022-35252

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.gentoo.org/glsa/202212-01

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://security.gentoo.org/glsa/202212-01

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.netapp.com/advisory/ntap-20220930-0005/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://security.netapp.com/advisory/ntap-20220930-0005/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://support.apple.com/kb/HT213603

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://support.apple.com/kb/HT213603

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://support.apple.com/kb/HT213604

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://support.apple.com/kb/HT213604

Exploit Prediction Scoring System (EPSS)

Percentile	0.20868
EPSS Score	0.00066
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:32:33.683685+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.14/main.json	37.0.0