A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains.
{
"priority_reason": "Upstream defined this as low severity",
"binaries": [
{
"binary_version": "7.81.0-1ubuntu1.25",
"binary_name": "curl"
},
{
"binary_version": "7.81.0-1ubuntu1.25",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.81.0-1ubuntu1.25",
"binary_name": "libcurl3-nss"
},
{
"binary_version": "7.81.0-1ubuntu1.25",
"binary_name": "libcurl4"
}
],
"availability": "No subscription required"
}{
"priority_reason": "Upstream defined this as low severity",
"binaries": [
{
"binary_version": "8.5.0-2ubuntu10.10",
"binary_name": "curl"
},
{
"binary_version": "8.5.0-2ubuntu10.10",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.5.0-2ubuntu10.10",
"binary_name": "libcurl4t64"
}
],
"availability": "No subscription required"
}{
"priority_reason": "Upstream defined this as low severity",
"binaries": [
{
"binary_version": "8.14.1-2ubuntu1.4",
"binary_name": "curl"
},
{
"binary_version": "8.14.1-2ubuntu1.4",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.14.1-2ubuntu1.4",
"binary_name": "libcurl4t64"
}
],
"availability": "No subscription required"
}{
"priority_reason": "Upstream defined this as low severity",
"availability": "No subscription required",
"binaries": [
{
"binary_version": "8.18.0-1ubuntu2.2",
"binary_name": "curl"
},
{
"binary_version": "8.18.0-1ubuntu2.2",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.18.0-1ubuntu2.2",
"binary_name": "libcurl4t64"
}
]
}{
"priority_reason": "Upstream defined this as low severity",
"binaries": [
{
"binary_version": "7.47.0-1ubuntu2.19+esm16",
"binary_name": "curl"
},
{
"binary_version": "7.47.0-1ubuntu2.19+esm16",
"binary_name": "libcurl3"
},
{
"binary_version": "7.47.0-1ubuntu2.19+esm16",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.47.0-1ubuntu2.19+esm16",
"binary_name": "libcurl3-nss"
}
],
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"
}{
"priority_reason": "Upstream defined this as low severity",
"binaries": [
{
"binary_version": "7.58.0-2ubuntu3.24+esm9",
"binary_name": "curl"
},
{
"binary_version": "7.58.0-2ubuntu3.24+esm9",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.58.0-2ubuntu3.24+esm9",
"binary_name": "libcurl3-nss"
},
{
"binary_version": "7.58.0-2ubuntu3.24+esm9",
"binary_name": "libcurl4"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}{
"priority_reason": "Upstream defined this as low severity",
"binaries": [
{
"binary_version": "7.68.0-1ubuntu2.25+esm4",
"binary_name": "curl"
},
{
"binary_version": "7.68.0-1ubuntu2.25+esm4",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.68.0-1ubuntu2.25+esm4",
"binary_name": "libcurl3-nss"
},
{
"binary_version": "7.68.0-1ubuntu2.25+esm4",
"binary_name": "libcurl4"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}