Lucene search
IBMDBB7E54BB099003C8F7B216174943587623C9DF36C0EEB969EB4E5CA53564946HistoryNov 01, 2023 - 8:02 p.m.
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Input Validation in Curl (CVE-2022-35252)
2023-11-0120:02:09
www.ibm.com
13
ibm storage ceph
improper input validation
curl
denial of service
vulnerability
cve-2022-35252
rhel
upgrade
Summary
Curl is used by IBM Storage Ceph as part of RHEL, the base operating system. CVE-2022-35252
Vulnerability Details
CVEID:CVE-2022-35252
**DESCRIPTION:**cURL libcurl is vulnerable to a denial of service, caused by a flaw when cookies contain control codes are later sent back to an HTTP(S) server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a “sister site” to deny service to siblings.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234980 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Storage Ceph | <6.1 |
| IBM Storage Ceph | 5.3z1-z4 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now.
Download the latest version of IBM Storage Ceph and upgrade to 6.1 by following instructions.
<https://public.dhe.ibm.com/ibmdl/export/pub/storage/ceph/>
<https://www.ibm.com/docs/en/storage-ceph/6?topic=upgrading>
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm storage ceph | eq | 5.3 | |
| ibm storage ceph | eq | 1 | |
| ibm storage ceph | eq | 4 |
Related
cvelist
cvelist
CVE-2022-35252
2022-09-23 00:00:00
nessus
nessus
EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2023-1186)
2023-01-10 00:00:00
EulerOS 2.0 SP8 : curl (EulerOS-SA-2022-2790)
2022-12-08 00:00:00
slackware
slackware
[slackware-security] curl
2022-09-01 03:09:16
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1143)
2023-01-12 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1186)
2023-01-12 00:00:00
openSUSE: Security Advisory for curl (SUSE-SU-2022:3004-1)
2022-09-03 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: curl-7.82.0-8.fc36
2022-09-06 10:05:29
[SECURITY] Fedora 37 Update: curl-7.85.0-1.fc37
2022-09-14 00:23:17
[SECURITY] Fedora 35 Update: curl-7.79.1-6.fc35
2022-09-19 01:21:12
hackerone
hackerone
curl: CVE-2022-35252: control code in cookie denial of service
2022-06-26 08:46:53
ubuntucve
ubuntucve
CVE-2022-35252
2022-08-31 00:00:00
redos
redos
ROS-20221007-01
2022-10-07 00:00:00
cloudfoundry
cloudfoundry
USN-5587-1: curl vulnerability | Cloud Foundry
2022-09-29 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-09-01 05:02:48
alpinelinux
alpinelinux
CVE-2022-35252
2022-09-23 14:15:00
mageia
mageia
Updated curl packages fix security vulnerability
2022-09-16 22:39:55
cbl_mariner
cbl_mariner
CVE-2022-35252 affecting package curl for versions less than 7.86.0-1
2022-11-16 02:26:15
CVE-2022-35252 affecting package curl 7.84.0-1
2022-11-24 00:45:35
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in cURL libcurl (CVE-2022-35252)
2023-07-27 17:27:40
prion
prion
Design/Logic Flaw
2022-09-23 14:15:00
cve
cve
CVE-2022-35252
2022-09-23 14:15:00
debiancve
debiancve
CVE-2022-35252
2022-09-23 14:15:00
osv
osv
CVE-2022-35252
2022-09-23 14:15:12
Low: curl security and bug fix update
2023-05-16 00:00:00
Low: curl security update
2023-05-09 00:00:00
redhatcve
redhatcve
CVE-2022-35252
2022-08-31 19:59:52
oraclelinux
oraclelinux
curl security and bug fix update
2023-05-24 00:00:00
curl security update
2023-05-15 00:00:00
almalinux
almalinux
Low: curl security update
2023-05-09 00:00:00
Low: curl security and bug fix update
2023-05-16 00:00:00
redhat
redhat
(RHSA-2023:2963) Low: curl security and bug fix update
2023-05-16 05:59:21
(RHSA-2023:2478) Low: curl security update
2023-05-09 05:11:57
(RHSA-2024:0428) Moderate: curl security and bug fix update
2024-01-24 14:40:32
photon
photon
Important Photon OS Security Update - PHSA-2022-0240
2022-09-05 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0240
2022-09-05 00:00:00
Critical Photon OS Security Update - PHSA-2022-0512
2022-09-06 00:00:00
amazon
amazon
Medium: curl
2022-10-31 19:40:00
Medium: curl
2022-12-01 17:33:00
ics
ics
Siemens SINEC NMS Third-Party
2023-05-11 12:00:00
Siemens SCALANCE XCM332
2023-04-13 12:00:00
Siemens SINAMICS Medium Voltage Products
2023-06-15 12:00:00
apple
apple
About the security content of macOS Big Sur 11.7.3
2023-01-23 00:00:00
About the security content of macOS Monterey 12.6.3
2023-01-23 00:00:00
About the security content of macOS Ventura 13.1
2022-12-13 00:00:00
gentoo
gentoo
curl: Multiple Vulnerabilities
2022-12-19 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
6.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
50.6%
Related for DBB7E54BB099003C8F7B216174943587623C9DF36C0EEB969EB4E5CA53564946