CURL-CVE-2022-27779

Source
https://curl.se/docs/CVE-2022-27779.html
Import Source
https://curl.se/docs/CURL-CVE-2022-27779.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2022-27779
Aliases
Published
2022-05-11T08:00:00Z
Modified
2024-06-07T13:53:51Z
Summary
cookie for trailing dot TLD
Details

libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the hostname is provided with a trailing dot.

curl can be told to receive and send cookies when communicating using HTTP(S). curl's "cookie engine" can be built with or without Public Suffix List awareness. If PSL support not provided, a more rudimentary check exists to at least prevent cookies from being set on TLDs. This check was broken if the hostname in the URL uses a trailing dot.

This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.

References
Credits
    • Axel Chong - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.82.0
Fixed
7.83.1
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

7.*

7.82.0
7.83.0