CVE-2022-27779 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Unknown
Type	Unknown
Description	libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2706	curl	7.83.0-1	7.83.1-1	Medium	Fixed

References
https://seclists.org/oss-sec/2022/q2/93 https://curl.se/docs/CVE-2022-27779.html https://github.com/curl/curl/commit/7e92d12b4e6911f https://github.com/curl/curl/commit/b27ad8e1d3e68e

Notes
Affected versions: curl 7.82.0 to and including curl 7.83.0 Not affected versions: curl < 7.82.0 and curl >= 7.83.1