CVE-2022-35252

CVE-2022-35252

Vendor N/A

Product https://github.com/curl/curl

Weakness CWE-20 · Input validation

Published September 23, 2022

Last update May 5, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

Key dates

02Disclosure timeline

September 23, 2022 CVE published

May 5, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-35252 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

01Description

02Disclosure timeline

03References

04Related CVE