CVE-2022-32205 Information
Description
A malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, and curl < 7.84.0 stores all of them. A sufficiently large number of (big) cookies makes subsequent HTTP requests to this server, or to other servers that the cookies match, larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes), so curl returns an error instead of sending them. This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on foo.example.com can set cookies that would also match for bar.example.com, making it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
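A way to audit an existing cookie jar for the condition described above, as an added example (not code from curl or from the referenced report): it parses a Netscape-format cookie file and reports, per host, whether the matching cookies alone would reach the 1048576-byte threshold. The function names and the sample jar are constructed for illustration, and path and secure matching are ignored, so the size is an upper bound.

```python
import time

CURL_MAX_REQUEST = 1048576  # request-size threshold quoted in the description

def build_sample_jar(count=300, value_len=4000):
    """Constructed sample jar: `count` big cookies scoped to .example.com."""
    rows = [[".example.com", "TRUE", "/", "FALSE", "0", f"c{i}", "A" * value_len]
            for i in range(count)]
    rows.append(["foo.example.com", "FALSE", "/", "FALSE", "0", "sid", "abc123"])
    return "# Netscape HTTP Cookie File\n" + "\n".join("\t".join(r) for r in rows)

def parse_jar(text):
    """Yield cookies from the 7-field, tab-separated Netscape jar format."""
    for line in text.splitlines():
        if line.startswith("#HttpOnly_"):       # HttpOnly cookies carry this prefix
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue                            # blank line or comment
        fields = line.split("\t")
        if len(fields) != 7 or not fields[4].isdigit():
            continue                            # skip malformed rows
        domain, tail, _path, _secure, expiry, name, value = fields
        yield {"domain": domain.lstrip(".").lower(), "tail": tail == "TRUE",
               "expiry": int(expiry), "name": name, "value": value}

def matches(host, cookie):
    """Exact host match, or subdomain match when the tail-match flag is set."""
    host = host.lower()
    return host == cookie["domain"] or (
        cookie["tail"] and host.endswith("." + cookie["domain"]))

def cookie_header_size(jar_text, host, now=None):
    """Bytes of the Cookie: header line (with CRLF) the jar yields for host.
    Simplification: path and secure attributes are ignored (upper bound)."""
    now = time.time() if now is None else now
    # Expiry 0 is treated as a session cookie, which never expires in the jar.
    pairs = [f'{c["name"]}={c["value"]}' for c in parse_jar(jar_text)
             if matches(host, c) and (c["expiry"] == 0 or c["expiry"] > now)]
    return len("Cookie: " + "; ".join(pairs)) + 2 if pairs else 0

def audit(jar_text, hosts):
    """Map each host to True when its cookies alone reach the threshold."""
    return {h: cookie_header_size(jar_text, h) >= CURL_MAX_REQUEST for h in hosts}

if __name__ == "__main__":
    jar = build_sample_jar()
    for host, over in audit(jar, ["foo.example.com", "bar.example.com", "other.test"]).items():
        print(f"{host}: {cookie_header_size(jar, host)} bytes, over threshold: {over}")
```

On the constructed jar, both foo.example.com and bar.example.com are flagged because the domain-wide cookies match every host under example.com, while an unrelated host is unaffected.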
Reference
https://hackerone.com/reports/1569946