CVE-2022-32206
Published 2022-07-07
Priority: P3 · 45 · medium · CVSS 3.1: 6.5
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 31.97% (98.1th percentile)
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
Affected
30 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_ventura | — | — |
| debian | curl | < curl 7.84.0-1 (bookworm) | curl 7.84.0-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| haxx | curl | < 7.84.0 | 7.84.0 |
| haxx | curl | >= 0 < 7.74.0-1.3+deb11u2 | 7.74.0-1.3+deb11u2 |
| haxx | curl | >= 0 < 7.84.0-1 | 7.84.0-1 |
| haxx | curl | >= 0 < 7.84.0-1 | 7.84.0-1 |
| haxx | curl | >= 0 < 7.84.0-1 | 7.84.0-1 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.19 | 7.58.0-2ubuntu3.19 |
| haxx | curl | >= 0 < 7.68.0-1ubuntu2.12 | 7.68.0-1ubuntu2.12 |
| haxx | curl | >= 0 < 7.81.0-1ubuntu1.3 | 7.81.0-1ubuntu1.3 |
| haxx | curl | >= 0 < 7.81.0-1ubuntu1.21 | 7.81.0-1ubuntu1.21 |
| https | github.com_curl_curl | — | — |
| msrc | azl3_rust_1.75.0-14_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_1.86.0-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_curl_7.84.0-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_curl_7.84.0-1_on_cbl_mariner_1.0 | — | — |
| nodejs | undici | >= 0 < 6.23.0 | 6.23.0 |
| nodejs | undici | >= 7.0.0 < 7.18.2 | 7.18.2 |
| siemens | scalance_sc622-2c_firmware | < 3.0 | 3.0 |
| siemens | scalance_sc626-2c_firmware | < 3.0 | 3.0 |
| siemens | scalance_sc632-2c_firmware | < 3.0 | 3.0 |
| siemens | scalance_sc636-2c_firmware | < 3.0 | 3.0 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd (v2.0) | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| ghsa | 6.5 | MEDIUM | — |
| osv | 6.5 | MEDIUM | — |
| vendor_debian | 6.5 | MEDIUM | — |
| vendor_msrc | 6.5 | MEDIUM | — |
| vendor_oracle | 6.5 | MEDIUM | — |
| vendor_redhat | 6.5 | MEDIUM | — |
| vendor_ubuntu | 4.3 | MEDIUM | — |
OSV
CVE-2026-22036 [MEDIUM] Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
osv · 2026-01-14 · CVSS 6.5
### Impact
The `fetch()` API supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., Content-Encoding: gzip, br). This is also supported by the undici decompress interceptor.
However, the number of links in the decompression chain is unbounded, and the default maxHeaderSize allows a malicious server to insert thousands of compression steps, leading to high CPU usage and excessive memory allocation.
### Patches
Upgrade to 7.18.2 or 6.23.0.
### Workarounds
It is possible to apply an undici interceptor and filter long `Content-Encoding` sequences manually.
### References
* https://hackerone.com/reports/3456148
* https://gi
GHSA
CVE-2026-22036 [MEDIUM] CWE-770 Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
ghsa · 2026-01-14 · CVSS 6.5
### Impact
The `fetch()` API supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., Content-Encoding: gzip, br). This is also supported by the undici decompress interceptor.
However, the number of links in the decompression chain is unbounded, and the default maxHeaderSize allows a malicious server to insert thousands of compression steps, leading to high CPU usage and excessive memory allocation.
### Patches
Upgrade to 7.18.2 or 6.23.0.
### Workarounds
It is possible to apply an undici interceptor and filter long `Content-Encoding` sequences manually.
### References
* https://hackerone.com/reports/3456148
* https://gi
OSV
CVE-2022-32205 [MEDIUM] curl regression
osv · 2025-09-29 · CVSS 4.3
USN-5495-1 fixed vulnerabilities in curl. The fix for CVE-2022-32205
miscalculated the maximum cookie size, causing a regression. This update
fixes the problem.
Original advisory details:
Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen discovered that curl incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS.
GHSA
CVE-2022-32206 [MEDIUM] CWE-770 GHSA-pphv-gw4r-gww8: curl < 7
ghsa_unreviewed · 2022-07-08
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
OSV
CVE-2022-32206 [MEDIUM] CVE-2022-32206: curl < 7
osv · 2022-07-07 · CVSS 6.5
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
OSV
CVE-2022-32205 [MEDIUM] curl vulnerabilities
osv · 2022-06-27 · CVSS 4.3
Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen discovered that curl incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages.
An attacker could possibly use this to perform a machine-in-the-middle attack.
(CVE-
Ubuntu
CVE-2022-32205 [MEDIUM] curl regression
vendor_ubuntu · 2025-09-29 · CVSS 4.3
Summary: USN-5495-1 introduced a regression in curl
USN-5495-1 fixed vulnerabilities in curl. The fix for CVE-2022-32205
miscalculated the maximum cookie size, causing a regression. This update
fixes the problem.
Original advisory details:
Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen discovered that curl incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
CISA ICS
[HIGH] Siemens SCALANCE XCM332
cisa_ics · 2023-04-13 · CVSS 7.5
ICS Advisory
Release Date: April 13, 2023
Alert Code: ICSA-23-103-09
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE XCM332
- Vulnerabilities: Allocation of Resources Without Limits or Throttling, Use After Free, Concurrent Execution Using Shared Resource with Improper Synchronization ('Race Condition'), Incorrect Default Permissions, Out-of-
CISA ICS
Siemens SCALANCE SC-600 Family
cisa_ics · 2022-12-15
Archived Content: In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
Last Revised: December 15, 2022
Alert Code: ICSA-22-349-18
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE SC-600 Family
- Vulnerability: Out-of-bounds Write, Use After Free, Allocation of Resources Without Limits or Throttling
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a denial-of-service condition, corrupt memory, or potentially execute custom code.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions
Apple
CVE-2022-32206 [MEDIUM] CVE-2022-32206: macOS Ventura 13
vendor_apple · 2022-10-24 · CVSS 6.5
Apple Security Update: About the security content of macOS Ventura 13
Product: macOS Ventura
Version: 13
CVE: CVE-2022-32206
Component: CVE-2022-32206
Oracle
CVE-2022-32206 [MEDIUM] Oracle Communications Risk Matrix: Oracle Linux (cURL) — CVE-2022-32206
vendor_oracle · 2022-10-15 · CVSS 6.5
CVE: CVE-2022-32206
CVSS: 6.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2022 (OCT 2022)
Microsoft
CVE-2022-32206 [MEDIUM] CWE-770 curl < 7.84.0 supports "chained" HTTP compression algorithms meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links"
vendor_msrc · 2022-07-12 · CVSS 6.5
curl: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
hackerone: hackerone
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-a
Ubuntu
CVE-2022-32207 [MEDIUM] curl vulnerabilities
vendor_ubuntu · 2022-06-27 · CVSS 4.3
Summary: Several security issues were fixed in curl.
Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen discovered that curl incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages.
An attacker could possi
Red Hat
CVE-2022-32206 [MEDIUM] CWE-770 curl: HTTP compression denial of service
vendor_redhat · 2022-06-27 · CVSS 6.5
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. This fl
Debian
CVE-2022-32206 [MEDIUM] CVE-2022-32206: curl - curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a ser...
vendor_debian · 2022 · CVSS 6.5
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
Scope: local
bookworm: resolved (fixed in 7.84.0-1)
bullseye: resolved (fixed in 7.74.0-1.3+deb11u2)
forky: resolved (fixed in 7.84.0-1)
sid: resolved (fixed in 7.84.0-1)
trixie: resolved (fixed in 7.84.0-1)
No detection rules found.
No public exploits indexed.
HackerOne
Unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
hackerone · 2026-02-23
**Summary:**
Unbounded number of links in the decompression chain for HTTP responses in Node.js Fetch API
**Description:**
Fetch API supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., `Content-Encoding: gzip, br`).
However, the number of links in the decompression chain is unbounded, and the default `maxHeaderSize` allows a malicious server to insert thousands of compression steps, leading to high CPU usage and excessive memory allocation.
## Steps To Reproduce:
Run scripts from attachments:
1. `BYTES=50000 LAYERS=5000 node server.js` to serve 50 KB of raw data compressed with Brotli 5000 times
2. `node client.js` to make a request
HackerOne
CVE-2023-23916 [MEDIUM] HTTP multi-header compression denial of service
hackerone · 2023-02-24 · CVSS 6.5
A server can send an HTTP response with many occurrences of Transfer-Encoding and/or Content-Encoding headers. Each listed encoding allocates a buffer. The number of encodings listed within each header is already limited but the number of headers is not, allowing an HTTP response to consume all available memory.
## Impact
Consumes all available memory, resulting in a DoS.
CVE-2023-23916: HTTP multi-header compression denial of service
Project curl Security Advisory, February 15th 2023
VULNERABILITY
curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the
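The undici advisory above suggests filtering long `Content-Encoding` sequences before decoding, and the CVE-2023-23916 entry notes that capping codings per header is not enough when the header itself may repeat. The following guard, an added example that is neither undici's nor curl's own code, enforces both limits on raw header lines before any decoder is instantiated; the cap values and the set of accepted codings are assumptions chosen for the example.

```javascript
// Added example (not undici's or curl's own code): a guard that bounds the
// HTTP decompression chain before any decoder is created. It enforces the
// two limits this page's advisories describe: how many codings one header
// value may list (the CVE-2022-32206 cap) and how many times the header may
// repeat (the CVE-2023-23916 gap). The cap values are assumptions.
const LIMITS = { maxCodings: 5, maxHeaderOccurrences: 1 };

// Codings this guard is willing to pass on to a decoder; anything else is
// rejected up front instead of being looked up at decode time.
const KNOWN_CODINGS = new Set([
  'gzip', 'x-gzip', 'deflate', 'br', 'zstd', 'compress', 'identity', 'chunked',
]);

// Walk the raw header lines as received (before any folding) and gather the
// codings listed under `name`, plus how many times that header occurred.
function collectCodings(rawHeaders, name) {
  const codings = [];
  let occurrences = 0;
  for (const line of rawHeaders) {
    const colon = line.indexOf(':');
    if (colon < 0) continue; // status line or malformed line
    if (line.slice(0, colon).trim().toLowerCase() !== name) continue;
    occurrences += 1;
    for (const token of line.slice(colon + 1).split(',')) {
      const coding = token.trim().toLowerCase();
      if (coding !== '') codings.push(coding); // RFC 9110 allows empty elements
    }
  }
  return { codings, occurrences };
}

// Decide whether decoding may proceed. Returns { ok: true, chain } with the
// codings in the order they were applied (identity dropped), or { ok: false, reason }.
function checkDecompressionChain(rawHeaders, name, limits = LIMITS) {
  const { codings, occurrences } = collectCodings(rawHeaders, name);
  if (occurrences > limits.maxHeaderOccurrences) {
    return { ok: false, reason: `${name} header repeated ${occurrences} times` };
  }
  const chain = codings.filter((c) => c !== 'identity');
  if (chain.length > limits.maxCodings) {
    return { ok: false, reason: `${chain.length} codings exceed cap of ${limits.maxCodings}` };
  }
  const unknown = chain.find((c) => !KNOWN_CODINGS.has(c));
  if (unknown !== undefined) return { ok: false, reason: `unknown coding "${unknown}"` };
  return { ok: true, chain };
}

// Constructed sample responses (raw header lines, not captured traffic).
const BENIGN = ['HTTP/1.1 200 OK', 'Content-Type: text/plain', 'Content-Encoding: gzip, br'];
const LONG_CHAIN = ['HTTP/1.1 200 OK', 'Content-Encoding: ' + Array(5000).fill('br').join(',')];
const REPEATED = ['HTTP/1.1 200 OK', ...Array(100).fill('Transfer-Encoding: gzip,gzip,gzip')];

for (const [label, headers, name] of [
  ['benign', BENIGN, 'content-encoding'],
  ['long chain', LONG_CHAIN, 'content-encoding'],
  ['repeated header', REPEATED, 'transfer-encoding'],
]) {
  const verdict = checkDecompressionChain(headers, name);
  console.log(label, verdict.ok ? `decode via ${verdict.chain.join(' -> ')}` : `reject: ${verdict.reason}`);
}
```

The check has to run on the raw header list, not on a folded header map, because folding would hide how many times the header occurred.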
HackerOne
CVE-2022-32206 [MEDIUM] CVE-2022-32206: HTTP compression denial of service
hackerone · 2022-06-27 · CVSS 6.5
curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.
The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
## Impact
Denial of service
CVE-2022-32206: HTTP compression denial of service
Project curl Security Advisory, June 27th 2022
VULNERABILITY
curl supports "chained" HTTP compression algorithms, meaning that a server response c
HackerOne
CVE-2022-32206 [MEDIUM] CVE-2022-32206: HTTP compression denial of service
hackerone · 2022-06-27 · CVSS 6.5
## Summary:
Curl does not prevent resource consumption when processing certain header types, but keeps on allocating more and more resources until the application terminates (or the system crashes, see below).
The attack vectors include (at least):
- Sending many `Transfer-Encoding` with repeated encodings such as "gzip,gzip,gzip,..."
- if `CURLOPT_ACCEPT_ENCODING` is set sending many `Content-Encoding` with repeated encodings such as "gzip,gzip,gzip,..."
- Sending many `Set-Cookie` with unique cookie names and about 4kbyte value
## Steps To Reproduce:
1. Run the following HTTP server:
`perl -e 'print "HTTP/1.1 200 OK\r\n";for (my $i=0; $i < 10000000; $i++) { printf "Transfer-Encoding: " . "gzip," x 20000 . "\r\n"; }' | nc -v -l -p 9999`
References
* http://seclists.org/fulldisclosure/2022/Oct/28
* http://seclists.org/fulldisclosure/2022/Oct/41
* http://www.openwall.com/lists/oss-security/2023/02/15/3
* https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
* https://hackerone.com/reports/1570651
* https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
* https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/
* https://security.gentoo.org/glsa/202212-01
* https://security.netapp.com/advisory/ntap-20220915-0003/
* https://support.apple.com/kb/HT213488
* https://www.debian.org/security/2022/dsa-5197