CVE-2022-32206 : curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple t

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.

Published 2022-07-07 13:15:08

Updated 2024-03-27 15:00:54

Source HackerOne

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-32206

Probability of exploitation activity in the next 30 days: 0.34%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 71 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-32206

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-32206

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Assigned by:
- nvd@nist.gov (Primary)
- support@hackerone.com (Secondary)

References for CVE-2022-32206

https://support.apple.com/kb/HT213488

About the security content of macOS Ventura 13 - Apple Support
Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20220915-0003/

July 2022 Libcurl Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/202212-01

curl: Multiple Vulnerabilities (GLSA 202212-01) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/

[SECURITY] Fedora 35 Update: curl-7.79.1-5.fc35 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2022/Oct/41

Full Disclosure: APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13
Mailing List;Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2022/Oct/28

Full Disclosure: APPLE-SA-2022-10-24-2 macOS Ventura 13
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/

[SECURITY] Fedora 35 Update: curl-7.79.1-5.fc35 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html

[SECURITY] [DLA 3085-1] curl security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2022/dsa-5197

Debian -- Security Information -- DSA-5197-1 curl
Third Party Advisory

CVEs referencing this url
https://hackerone.com/reports/1570651

#1570651 CVE-2022-32206: HTTP compression denial of service
Exploit;Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/02/15/3

oss-security - curl: CVE-2023-23916: HTTP multi-header compression denial of service
Mailing List;Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf

Patch;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2022-32206

Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Matching versions
Siemens » Scalance Sc622-2c Firmware
Versions before (<) 3.0
cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Sc622-2c » Version: N/A
Siemens » Scalance Sc632-2c Firmware
Versions before (<) 3.0
cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Sc632-2c » Version: N/A
Siemens » Scalance Sc636-2c Firmware
Versions before (<) 3.0
cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Sc636-2c » Version: N/A
Siemens » Scalance Sc642-2c Firmware
Versions before (<) 3.0
cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Sc642-2c » Version: N/A
Siemens » Scalance Sc646-2c Firmware
Versions before (<) 3.0
cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Sc646-2c » Version: N/A
Siemens » Scalance Sc626-2c Firmware
Versions before (<) 3.0
cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Sc626-2c » Version: N/A
Fedoraproject » Fedora » Version: 35
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Matching versions
Netapp » Clustered Data Ontap » Version: N/A
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Matching versions
Netapp » Element Software » Version: N/A
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
Matching versions
Netapp » Hci Management Node » Version: N/A
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Solidfire » Version: N/A
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Matching versions
Netapp » H300s Firmware » Version: N/A
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H300s » Version: N/A
Netapp » H500s Firmware » Version: N/A
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H500s » Version: N/A
Netapp » H700s Firmware » Version: N/A
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H700s » Version: N/A
Netapp » H410s Firmware » Version: N/A
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H410s » Version: N/A
Netapp » Bootstrap Os » Version: N/A
cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Hci Compute Node » Version: N/A
Splunk » Universal Forwarder
Versions from including (>=) 9.0.0 and before (<) 9.0.6
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
Matching versions
Splunk » Universal Forwarder
Versions from including (>=) 8.2.0 and before (<) 8.2.12
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
Matching versions
Splunk » Universal Forwarder » Version: 9.1.0
cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
Matching versions
Haxx » Curl
Versions before (<) 7.84.0
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2022-32206

Exploit prediction scoring system (EPSS) score for CVE-2022-32206

CVSS scores for CVE-2022-32206

CWE ids for CVE-2022-32206

References for CVE-2022-32206

Products affected by CVE-2022-32206