CVE-2022-32207
Published 2022-07-07. CVE-2022-32207: When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a…
PriorityP352critical9.8CVSS 3.1
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.48% (91.7th percentile)
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | < 13.0 | 13.0 |
| apple | macos_ventura | — | — |
| debian | curl | < curl 7.84.0-1 (bookworm) | curl 7.84.0-1 (bookworm) |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| haxx | curl | >= 0 < 7.74.0-1.3+deb11u2 | 7.74.0-1.3+deb11u2 |
| haxx | curl | >= 0 < 7.84.0-1 | 7.84.0-1 |
| haxx | curl | >= 0 < 7.84.0-1 | 7.84.0-1 |
| haxx | curl | >= 0 < 7.84.0-1 | 7.84.0-1 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.19 | 7.58.0-2ubuntu3.19 |
| haxx | curl | >= 0 < 7.68.0-1ubuntu2.12 | 7.68.0-1ubuntu2.12 |
| haxx | curl | >= 0 < 7.81.0-1ubuntu1.3 | 7.81.0-1ubuntu1.3 |
| haxx | curl | >= 0 < 7.81.0-1ubuntu1.21 | 7.81.0-1ubuntu1.21 |
| haxx | curl | >= 7.69.0 < 7.84.0 | 7.84.0 |
| https | github.com_curl_curl | — | — |
| msrc | azl3_rust_1.75.0-14_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_1.86.0-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_curl_7.84.0-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_curl_7.84.0-1_on_cbl_mariner_1.0 | — | — |
| paloalto | pan-os | — | — |
| splunk | universal_forwarder | — | — |
| splunk | universal_forwarder | >= 8.2.0 < 8.2.12 | 8.2.12 |
| splunk | universal_forwarder | >= 9.0.0 < 9.0.6 | 9.0.6 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_msrc | — | 9.8 | CRITICAL | — |
| vendor_oracle | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |
Ubuntu
curl regression
vendor_ubuntu·2025-09-29·CVSS 4.3
CVE-2022-32205 [MEDIUM] curl regression
Title: curl regression
Summary: USN-5495-1 introduced a regression in curl
USN-5495-1 fixed vulnerabilities in curl. The fix for CVE-2022-32205
miscalculated the maximum cookie size, causing a regression. This update
fixes the problem.
Original advisory details:
Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen discovered that curl incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
Palo Alto
PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-09-04·CVSS 6.0
CVE-2010-1622 [MEDIUM] PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2010-1622, CVE-2015-7552, CVE-2018-16840, CVE-2019-7639, CVE-2020-17049, CVE-2020-7774, CVE-2021-0131, CVE-2021-0132, CVE-2021-0133, CVE-2021-0134, CVE-2021-4044, CVE-2021-4160, CVE-2021-41773, CVE-2022-1343, CVE-2022-21449, CVE-2022-2274, CVE-2022-22963, CVE-2022-22965, CVE-2022-24697, CVE-2022-32207, CVE-2022-3358, CVE-2022-3996, CVE-2022-40664, CVE-2022-44792, CVE-2022-44793, CVE-2023-1255, CVE-2023-22809, CVE-2023-23919, CVE-2023-3341, CVE-2023-4236, CVE-2023-4863, CVE-2023-51767
Affected products: PAN-OS
CISA ICS
Siemens RUGGEDCOM ROX
cisa_ics·2023-07-13
Siemens RUGGEDCOM ROX
ICS Advisory
## Siemens RUGGEDCOM ROX
Release Date: July 13, 2023
Alert Code: ICSA-23-194-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely / low attack complexity
- Vendor: Siemens
- Equipment: RUGGEDCOM ROX
- Vulnerabilities: Cleartext Transmission of Sensitive Information, Command Injection, Improper Authentication, Classic Buffer Overflow, Uncontrolled Resource Consumption, Improper Certificate Validation, Cross-Site Request Forgery (CSRF), Improper Input Validation, Incorrect Default Permissions, Cross-site Scripting, Inadequate Encryption Strength, Use of a Broken or Risky Cryptographic Algorithm.
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to send a malformed HTTP packet c
CISA ICS
Siemens SCALANCE XCM332
cisa_ics·2023-04-13·CVSS 7.5
[HIGH] Siemens SCALANCE XCM332
ICS Advisory
## Siemens SCALANCE XCM332
Release Date: April 13, 2023
Alert Code: ICSA-23-103-09
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE XCM332
- Vulnerabilities: Allocation of Resources Without Limits or Throttling, Use After Free, Concurrent Execution Using Shared Resource with Improper Synchronization ('Race Condition'), Incorrect Default Permissions, Out-of-
Apple
CVE-2022-32207: macOS Ventura 13
vendor_apple·2022-10-24·CVSS 9.8
CVE-2022-32207 [CRITICAL] CVE-2022-32207: macOS Ventura 13
Apple Security Update: About the security content of macOS Ventura 13
Product: macOS Ventura
Version: 13
CVE: CVE-2022-32207
Component: CVE-2022-32207
Oracle
Oracle Oracle MySQL Risk Matrix: Enterprise Backup: Security (cURL) — CVE-2022-32207
vendor_oracle·2022-10-15·CVSS 9.8
CVE-2022-32207 [CRITICAL] Oracle Oracle MySQL Risk Matrix: Enterprise Backup: Security (cURL) — CVE-2022-32207
Oracle Oracle MySQL Risk Matrix: Enterprise Backup: Security (cURL) vulnerability
CVE: CVE-2022-32207
CVSS: 9.8
Protocol: Multiple
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2022 (OCT 2022)
Microsoft
When curl < 7.84.0 saves cookies alt-svc and hsts data to local files it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In tha
vendor_msrc·2022-07-12·CVSS 9.8
CVE-2022-32207 [CRITICAL] CWE-276 When curl < 7.84.0 saves cookies alt-svc and hsts data to local files it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In tha
Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
hackerone: hackerone
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutor
Red Hat
curl: Unpreserved file permissions
vendor_redhat·2022-06-27·CVSS 9.8
CVE-2022-32207 [CRITICAL] CWE-281 curl: Unpreserved file permissions
curl: Unpreserved file permissions
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
A vulnerability was found in curl. This issue occurs because when curl saves cookies, alt-svc, and HSTS data to local files, it makes the operation atomic by finalizing the process with a rename from a temporary name to the final target file name. This flaw leads to unpreserved file permissions, either by mistake or by a malicious actor.
Package: rh-dotnet31-curl (.NET Core 3.1 on Red Hat Enterprise Linux
Ubuntu
curl vulnerabilities
vendor_ubuntu·2022-06-27·CVSS 4.3
CVE-2022-32207 [MEDIUM] curl vulnerabilities
Title: curl vulnerabilities
Summary: Several security issues were fixed in curl.
Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen discovered that curl incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages.
An attacker could possi
Debian
CVE-2022-32207: curl - When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes...
vendor_debian·2022·CVSS 9.8
CVE-2022-32207 [CRITICAL] CVE-2022-32207: curl - When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes...
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
Scope: local
bookworm: resolved (fixed in 7.84.0-1)
bullseye: resolved (fixed in 7.74.0-1.3+deb11u2)
forky: resolved (fixed in 7.84.0-1)
sid: resolved (fixed in 7.84.0-1)
trixie: resolved (fixed in 7.84.0-1)
OSV
curl regression
osv·2025-09-29·CVSS 4.3
CVE-2022-32205 [MEDIUM] curl regression
curl regression
USN-5495-1 fixed vulnerabilities in curl. The fix for CVE-2022-32205
miscalculated the maximum cookie size, causing a regression. This update
fixes the problem.
Original advisory details:
Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen discovered that curl incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS.
GHSA
GHSA-mvxp-vg38-gq5c: When curl < 7
ghsa_unreviewed·2022-07-08
CVE-2022-32207 [CRITICAL] CWE-276 GHSA-mvxp-vg38-gq5c: When curl < 7
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
OSV
CVE-2022-32207: When curl < 7
osv·2022-07-07·CVSS 9.8
CVE-2022-32207 [CRITICAL] CVE-2022-32207: When curl < 7
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
OSV
curl vulnerabilities
osv·2022-06-27·CVSS 4.3
CVE-2022-32205 [MEDIUM] curl vulnerabilities
curl vulnerabilities
Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen discovered that curl incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages.
An attacker could possibly use this to perform a machine-in-the-middle attack.
(CVE-
No detection rules found.
No public exploits indexed.
HackerOne
CVE-2022-32207: Unpreserved file permissions
hackerone·2022-06-27·CVSS 9.8
CVE-2022-32207 [CRITICAL] CVE-2022-32207: Unpreserved file permissions
CVE-2022-32207: Unpreserved file permissions
## Summary:
Curl fails to preserve file permissions when writing:
- `CURLOPT_COOKIEJAR` database
- `CURLOPT_ALTSVC` database
- `CURLOPT_HSTS` database
Instead, the permissions are always reset to 0666 & ~umask if the file is updated.
As a result, a file that was previously protected against read access by other users becomes readable by other users (as long as umask doesn't have bit 2 set).
Out of these files only the `CURLOPT_COOKIEJAR` is likely to contain sensitive information.
In addition, curl will replace a softlink to the database with a locally written database, or, if the application is run privileged, specifying `"/dev/null"` as a file name can lead to the system overwriting the special file and result in an inoperable system.
This is CWE-281: Improper P
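The permission-widening pattern the report describes, placed beside a form of the same atomic write that keeps the target's mode. This is an added example written for this page, not curl's own code or curl's fix: the function names, the `/tmp` demo path and the sample cookie-jar line are constructed for illustration, and the hardened version simply copies the existing file's permission bits onto the temp file with `fchmod` before the rename.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed sample content standing in for an updated cookie jar. */
static const char *const SAMPLE_JAR =
    "# Netscape HTTP Cookie File\n"
    "example.test\tFALSE\t/\tTRUE\t0\tsession\tCONSTRUCTED-VALUE\n";

/* Pattern that shows the bug (models the behaviour the report describes;
 * not curl's code): the temp file is created with the process default
 * mode, 0666 & ~umask, and rename() moves that mode onto the target,
 * discarding whatever mode the target had before (e.g. an owner-only
 * 0600 cookie jar). Returns 0 on success, -1 on error. */
int save_widening(const char *path, const char *data)
{
    char tmp[4096];
    snprintf(tmp, sizeof tmp, "%s.tmp", path);
    FILE *f = fopen(tmp, "w");             /* mode = 0666 & ~umask */
    if (!f)
        return -1;
    if (fputs(data, f) == EOF || fclose(f) != 0) {
        unlink(tmp);
        return -1;
    }
    if (rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Hardened pattern: create the temp file owner-only, then copy the existing
 * target's permission bits onto the temp file's descriptor (fchmod is not
 * subject to umask), so the atomic rename keeps the target's mode. */
int save_preserving(const char *path, const char *data)
{
    char tmp[4096];
    struct stat st;
    snprintf(tmp, sizeof tmp, "%s.tmp", path);
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd < 0)
        return -1;
    if (stat(path, &st) == 0 && S_ISREG(st.st_mode) &&
        fchmod(fd, st.st_mode & 07777) != 0) {
        close(fd);
        unlink(tmp);
        return -1;
    }
    size_t len = strlen(data);
    if (write(fd, data, len) != (ssize_t)len) {
        close(fd);
        unlink(tmp);
        return -1;
    }
    close(fd);
    if (rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Permission bits of path, or -1 if it cannot be stat'ed. */
int mode_of(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (int)(st.st_mode & 0777);
}

/* Check harness: create an owner-only (0600) jar under dir with umask 022,
 * update it with the chosen pattern and return the resulting mode.
 * preserve == 0 uses save_widening, anything else uses save_preserving.
 * Expected: 0644 (0666 & ~022) for the widening pattern, 0600 otherwise. */
int demo_update_mode(const char *dir, int preserve)
{
    char path[4096], tmp[4096];
    snprintf(path, sizeof path, "%s/cve-2022-32207-demo-%ld.txt", dir, (long)getpid());
    snprintf(tmp, sizeof tmp, "%s.tmp", path);
    umask(022);
    unlink(path);                          /* start from a clean slate */
    unlink(tmp);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd < 0)
        return -1;
    close(fd);
    int rc = preserve ? save_preserving(path, SAMPLE_JAR)
                      : save_widening(path, SAMPLE_JAR);
    int mode = (rc == 0) ? mode_of(path) : -1;
    unlink(path);                          /* clean up the demo file */
    return mode;
}

int main(void)
{
    printf("widening pattern   -> %04o\n", demo_update_mode("/tmp", 0));
    printf("preserving pattern -> %04o\n", demo_update_mode("/tmp", 1));
    return 0;
}
```

The same `mode_of` check works as a post-incident audit on a host: a cookie jar that was deliberately created 0600 and now reads 0644 after a curl run (with the usual 022 umask) was rewritten by a build without the fix, and its contents should be treated as exposed to every local account.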
HackerOne
CVE-2022-32207: Unpreserved file permissions
hackerone·2022-06-27·CVSS 9.8
CVE-2022-32207 [CRITICAL] CVE-2022-32207: Unpreserved file permissions
CVE-2022-32207: Unpreserved file permissions
When curl saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.
In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended.
## Impact
Information disclosure (cookie file in specific)
CVE-2022-32207: Unpreserved file permissions
Project curl Security Advisory, June 27th 2022
VULNERABILITY
When curl saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.
In that rename operation, it might accidentally wid
References
- http://seclists.org/fulldisclosure/2022/Oct/28
- http://seclists.org/fulldisclosure/2022/Oct/41
- https://hackerone.com/reports/1573634
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/
- https://security.gentoo.org/glsa/202212-01
- https://security.netapp.com/advisory/ntap-20220915-0003/
- https://support.apple.com/kb/HT213488
- https://www.debian.org/security/2022/dsa-5197