CURL-CVE-2022-27779

See a problem?
Please try reporting it to the source first.
Source
https://curl.se/docs/CVE-2022-27779.html
Import Source
https://curl.se/docs/CURL-CVE-2022-27779.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2022-27779
Aliases
Published
2022-05-11T08:00:00Z
Modified
2024-06-07T13:53:51Z
Summary
cookie for trailing dot TLD
Details

libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the hostname is provided with a trailing dot.

curl can be told to receive and send cookies when communicating using HTTP(S). curl's "cookie engine" can be built with or without Public Suffix List awareness. If PSL support not provided, a more rudimentary check exists to at least prevent cookies from being set on TLDs. This check was broken if the hostname in the URL uses a trailing dot.

This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.

References
Credits
    • Axel Chong - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.82.0
Fixed
7.83.1
Type
GIT
Repo
https://github.com/curl/curl.git
Events
Introduced
b27ad8e1d3e68eb3214fcbb398ca436873aa7c67
Fixed
7e92d12b4e6911f424678a133b19de670e183a59

Affected versions

7.*

7.82.0
7.83.0