CVE-2022-27779
moderate-risk
Published 2022-06-02
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot.

curl can be told to receive and send cookies. curl's "cookie engine" can be built with or without [Public Suffix List](https://publicsuffix.org/) awareness. If PSL support is not provided, a more rudimentary check exists to at least prevent cookies from being set on TLDs. This check was broken if the host name in the URL uses a trailing dot.

This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.
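The following is an added, constructed model of the failure mode described above; it is not libcurl's code and is not taken from the advisory. It assumes the non-PSL fallback takes the shape "refuse a cookie domain that contains no dot" (an assumption made for illustration), shows why a host written with a trailing dot ("www.example.com.") slips past such a guard with a Domain of "com.", and puts a hardened variant beside it that canonicalizes both strings before checking. The hardened variant fixes only the trailing-dot bypass: a dot-counting guard still cannot tell a multi-label public suffix such as "co.uk" from a registrable domain, which is exactly what Public Suffix List support is for.

```python
"""Model of the trailing-dot TLD-check bypass described for CVE-2022-27779.

Constructed illustration, not libcurl code.  A cookie engine built without
Public Suffix List (PSL) support has to fall back to a crude guard against
cookies scoped to a bare TLD.  The guard modelled here is "refuse a cookie
domain that contains no dot"; that shape is an assumption for illustration.
"""


def normalize_host(name: str) -> str:
    """Canonicalize a host or cookie-domain string before comparing it.

    Lower-cases, drops a single leading dot (RFC 6265 ignores it in a Domain
    attribute) and drops a single trailing dot (the DNS root label), so
    "Example.COM." and ".example.com" both become "example.com".
    """
    name = name.lower()
    if name.startswith("."):
        name = name[1:]
    if name.endswith("."):
        name = name[:-1]
    return name


def domain_matches(host: str, domain: str) -> bool:
    """True when host equals domain or is a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def vulnerable_engine_accepts(host: str, cookie_domain: str) -> bool:
    """Weak engine: TLD guard and domain match run on the raw strings.

    "com." contains a dot, so the guard passes, and "www.example.com." does
    end with ".com.", so the cookie is stored for the whole "com." TLD.
    """
    if "." not in cookie_domain:          # the only TLD protection
        return False
    return domain_matches(host, cookie_domain)


def hardened_engine_accepts(host: str, cookie_domain: str) -> bool:
    """Fixed engine: normalize first, then apply the same guard and match."""
    host = normalize_host(host)
    domain = normalize_host(cookie_domain)
    labels = domain.split(".")
    if not domain or "" in labels:       # empty or malformed ("a..b")
        return False
    if len(labels) < 2:                  # bare TLD once the trailing dot is gone
        return False
    return domain_matches(host, domain)


def compare(host: str, cookie_domain: str) -> tuple:
    """Return (vulnerable_decision, hardened_decision) for one Set-Cookie."""
    return (vulnerable_engine_accepts(host, cookie_domain),
            hardened_engine_accepts(host, cookie_domain))


if __name__ == "__main__":
    # Constructed cases: a response from www.example.com. tries to scope a
    # cookie to the TLD, once with and once without the trailing dot, plus
    # two legitimate Domain attributes that differ only in spelling.
    cases = [("www.example.com.", "com."),
             ("www.example.com", "com"),
             ("www.example.com.", "example.com"),
             ("www.example.com", ".Example.COM.")]
    for host, dom in cases:
        weak, fixed = compare(host, dom)
        print(f"{host:18} Domain={dom:16} vulnerable={weak!s:5} hardened={fixed}")
```

Running the block prints one line per case; the first line is the bug itself (the weak engine says True, the hardened one False), and the last two show that normalization also makes the host-matching step indifferent to case and to leading or trailing dots on legitimate domains.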
Do I need to act?
EPSS score: 0.27% chance of exploitation (low exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 5.3/10 (Medium), attack vector NETWORK, LOW attack complexity
Affected Products (12)
References (6)
Third Party Advisory
https://security.gentoo.org/glsa/202212-01
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220609-0009/
Risk score: 39 / 100 (moderate-risk)
Severity: 21/34 · High
Exploitability: 1/34 · Minimal
Exposure: 17/34 · Moderate