Search for vulnerabilities
Vulnerability details: VCID-z2kk-kdaa-ckbh
Vulnerability ID VCID-z2kk-kdaa-ckbh
Aliases CVE-2022-35252
Summary When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
Status Published
Exploitability 0.5
Weighted Severity 3.3
Risk 1.6
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-1286 Improper Validation of Syntactic Correctness of Input
CWE-20 Improper Input Validation
System Score Found at
cvssv3 3.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2022-35252
cvssv3.1 Low https://curl.se/docs/CVE-2022-35252.html
cvssv3.1 3.7 http://seclists.org/fulldisclosure/2023/Jan/20
ssvc Track http://seclists.org/fulldisclosure/2023/Jan/20
cvssv3.1 3.7 http://seclists.org/fulldisclosure/2023/Jan/21
ssvc Track http://seclists.org/fulldisclosure/2023/Jan/21
cvssv3.1 3.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 3.7 https://hackerone.com/reports/1613943
ssvc Track https://hackerone.com/reports/1613943
cvssv3.1 3.7 https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
cvssv3.1 3.7 https://nvd.nist.gov/vuln/detail/CVE-2022-35252
cvssv3.1 3.7 https://security.gentoo.org/glsa/202212-01
ssvc Track https://security.gentoo.org/glsa/202212-01
cvssv3.1 3.7 https://security.netapp.com/advisory/ntap-20220930-0005/
ssvc Track https://security.netapp.com/advisory/ntap-20220930-0005/
cvssv3.1 3.7 https://support.apple.com/kb/HT213603
ssvc Track https://support.apple.com/kb/HT213603
cvssv3.1 3.7 https://support.apple.com/kb/HT213604
ssvc Track https://support.apple.com/kb/HT213604
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json
https://api.first.org/data/v1/epss?cve=CVE-2022-35252
https://curl.se/docs/CVE-2022-35252.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35252
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/1613943
1018831 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018831
20 http://seclists.org/fulldisclosure/2023/Jan/20
202212-01 https://security.gentoo.org/glsa/202212-01
21 http://seclists.org/fulldisclosure/2023/Jan/21
2120718 https://bugzilla.redhat.com/show_bug.cgi?id=2120718
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252
HT213603 https://support.apple.com/kb/HT213603
HT213604 https://support.apple.com/kb/HT213604
msg00028.html https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
ntap-20220930-0005 https://security.netapp.com/advisory/ntap-20220930-0005/
RHSA-2022:8840 https://access.redhat.com/errata/RHSA-2022:8840
RHSA-2022:8841 https://access.redhat.com/errata/RHSA-2022:8841
RHSA-2023:2478 https://access.redhat.com/errata/RHSA-2023:2478
RHSA-2023:2963 https://access.redhat.com/errata/RHSA-2023:2963
RHSA-2024:0428 https://access.redhat.com/errata/RHSA-2024:0428
USN-5587-1 https://usn.ubuntu.com/5587-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://seclists.org/fulldisclosure/2023/Jan/20
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at http://seclists.org/fulldisclosure/2023/Jan/20
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://seclists.org/fulldisclosure/2023/Jan/21
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at http://seclists.org/fulldisclosure/2023/Jan/21
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://hackerone.com/reports/1613943
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://hackerone.com/reports/1613943
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2022-35252
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.gentoo.org/glsa/202212-01
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://security.gentoo.org/glsa/202212-01
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.netapp.com/advisory/ntap-20220930-0005/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://security.netapp.com/advisory/ntap-20220930-0005/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://support.apple.com/kb/HT213603
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://support.apple.com/kb/HT213603
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://support.apple.com/kb/HT213604
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://support.apple.com/kb/HT213604
Exploit Prediction Scoring System (EPSS)
Percentile 0.20868
EPSS Score 0.00066
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:32:33.683685+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.14/main.json 37.0.0