How severe is CVE-2022-32205?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2022-32205?

This is classified as CWE-770, which is a common weakness in software security.

CVE-2022-32205

MEDIUM Year: 2022

CVSS v3 Score

4.3

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-770

View all →

Vulnerability Description

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.

CVE-2019-3721

MEDIUM

CVSS:4.3(Medium)

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with ove...

CWE-7702019

CVE-2020-28200

MEDIUM

CVSS:4.3(Medium)

The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.

CWE-7702020

CVE-2021-25666

MEDIUM

CVSS:4.3(Medium)

A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). Sending specially crafted packets through the ARP protocol to an affected device could cause ...

CWE-7702021

CVE-2021-25671

MEDIUM

CVSS:4.3(Medium)

A vulnerability has been identified in RWG1.M12 (All versions < V1.16.16), RWG1.M12D (All versions < V1.16.16), RWG1.M8 (All versions < V1.16.16). Sending specially crafted ARP packets to an affected ...

CWE-7702021

CVE-2021-33011

MEDIUM

CVSS:4.3(Medium)

All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series,TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attac...

CWE-7702021

CVE-2021-33320

MEDIUM

CVSS:4.3(Medium)

The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged...

CWE-7702021

CVE-2022-32205

Vulnerability Description

Related Vulnerabilities

CVE-2019-3721

CVE-2020-28200

CVE-2021-25666

CVE-2021-25671

CVE-2021-33011

CVE-2021-33320