Oval Definition:oval:org.opensuse.security:def:202232205
Revision Date:2023-06-22Version:1
Title:CVE-2022-32205
Description:

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2022-32205
SUSE CVE-2022-32205
SUSE-CU-2022:1415-1
SUSE-CU-2022:1416-1
SUSE-CU-2022:1417-1
SUSE-CU-2022:1418-1
SUSE-CU-2022:1419-1
SUSE-CU-2022:1420-1
SUSE-CU-2022:1421-1
SUSE-CU-2022:1422-1
SUSE-CU-2022:1423-1
SUSE-CU-2022:1424-1
SUSE-CU-2022:1425-1
SUSE-CU-2022:1426-1
SUSE-CU-2022:1427-1
SUSE-CU-2022:1429-1
SUSE-CU-2022:1430-1
SUSE-CU-2022:1431-1
SUSE-CU-2022:1433-1
SUSE-CU-2022:1435-1
SUSE-CU-2022:1436-1
SUSE-CU-2022:1437-1
SUSE-CU-2022:1438-1
SUSE-CU-2022:1471-1
SUSE-CU-2022:1771-1
SUSE-IU-2022:953-1
SUSE-IU-2022:954-1
SUSE-IU-2022:955-1
SUSE-SU-2022:2305-1
SUSE-CU-2022:2123-1
SUSE-CU-2022:2124-1
SUSE-CU-2022:2125-1
SUSE-CU-2022:2126-1
SUSE-CU-2022:2149-1
SUSE-CU-2022:2655-1
SUSE-CU-2022:3269-1
SUSE-CU-2023:1103-1
SUSE-CU-2023:1104-1
SUSE-CU-2023:1105-1
SUSE-CU-2023:321-1
SUSE-CU-2023:322-1
SUSE-CU-2023:323-1
SUSE-CU-2023:324-1
Platform(s):Image SLES15-SP4-Manager-Proxy-4-3-BYOS
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
Image SLES15-SP4-Manager-Server-4-3-BYOS
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
SUSE Linux Enterprise Desktop 15 SP4
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 12 SP5
SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15 SP4
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Micro 5.1 is installed
  • AND Package Information
  • curl is not affected
  • OR libcurl4 is not affected
    • Definition Synopsis
  • SUSE Linux Enterprise Micro 5.2 is installed
  • AND Package Information
  • curl is not affected
  • OR libcurl4 is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP4 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP4 is installed
  • OR SUSE Linux Enterprise Server 15 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
  • OR SUSE Manager Proxy 4.3 is installed
  • OR SUSE Manager Retail Branch Server 4.3 is installed
  • OR SUSE Manager Server 4.3 is installed
  • AND Package Information
  • curl-7.79.1-150400.5.3.1 is installed
  • OR libcurl-devel-7.79.1-150400.5.3.1 is installed
  • OR libcurl4-7.79.1-150400.5.3.1 is installed
  • OR libcurl4-32bit-7.79.1-150400.5.3.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP4 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP4 is installed
  • OR SUSE Linux Enterprise Server 15 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
  • OR SUSE Manager Proxy 4.3 is installed
  • OR SUSE Manager Retail Branch Server 4.3 is installed
  • OR SUSE Manager Server 4.3 is installed
  • AND
  • curl-7.79.1-150400.5.3.1 is installed
  • OR libcurl-devel-7.79.1-150400.5.3.1 is installed
  • OR libcurl4-7.79.1-150400.5.3.1 is installed
  • OR libcurl4-32bit-7.79.1-150400.5.3.1 is installed
  • OR Package Information
  • Image SLES15-SP4-Manager-Proxy-4-3-BYOS is installed
  • OR Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure is installed
  • OR Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 is installed
  • OR Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE is installed
  • OR Image SLES15-SP4-Manager-Server-4-3-BYOS is installed
  • OR Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure is installed
  • OR Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 is installed
  • OR Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE is installed
  • AND
  • curl-7.79.1-150400.5.3.1 is installed
  • OR libcurl4-7.79.1-150400.5.3.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • AND Package Information
  • curl is not affected
  • OR libcurl4 is not affected
  • OR libcurl4-32bit is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 12 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • AND curl is not affected
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP5 is installed
  • AND
  • curl is not affected
  • OR libcurl4 is not affected
  • OR libcurl4-32bit is not affected
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • AND Package Information
  • curl is not affected
  • OR libcurl-devel is not affected
  • OR libcurl4 is not affected
  • OR libcurl4-32bit is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND Package Information
  • curl-8.0.1-150400.5.23.1 is installed
  • OR libcurl-devel-8.0.1-150400.5.23.1 is installed
  • OR libcurl4-8.0.1-150400.5.23.1 is installed
  • OR libcurl4-32bit-8.0.1-150400.5.23.1 is installed
    • BACK