CVE-2022-32206
Description
curl < 7.84.0 supports chained HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable links in this decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a malloc bomb, making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out-of-memory errors.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
4.546
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 are affected in Curl For Windows 7.83.1 | Windows |
| Vulnerabilities CVE-2022-32208,CVE-2022-32207,CVE-2022-32206,CVE-2022-32205 are fixed in Curl For Windows 7.84.0 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 9.0 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 9.1 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 9.2 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 9.3 | Windows |
| Multiple vulnerabilities are fixed in Mac OS - Ventura (Software Update) - AutoReboot (13.7.6) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura (Software Update) - AutoReboot (13.7.5) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura (Software Update) - AutoReboot (13.7.3) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura (Software Update) - AutoReboot (13.7.2) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.7.1 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.7 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura (Software Update) - AutoReboot (13.7.4) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.7.8 (Software Update) (Auto Reboot) (CVE-2025-43300) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.8 (Software Update) - AutoReboot (CVE-2024-27877) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.7 (Software Update) - AutoReboot (CVE-2024-27789 , CVE-2023-42861 , CVE-2024-23296) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.5 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.4 (Software Update) - AutoReboot (CVE-2024-23222) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.3 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.1 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6 (Software Update) - AutoReboot (CVE-2023-41992,CVE-2023-41991) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.2 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.6 (Software Update) - AutoReboot (CVE-2024-1580) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.9 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.5 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.5.1 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.5.2 (Software Update) - AutoReboot (CVE-2023-41064) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.4 (Software Update) - AutoReboot(CVE-2023-32409,CVE-2023-28204,CVE-2023-32373) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.4.1 (Software Update) - AutoReboot(CVE-2023-32434,CVE-2023-32439) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.3 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.3.1 (Software Update) - AutoReboot (CVE-2023-28206,CVE-2023-28205) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.2 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.2.1 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.1 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13 - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.0.1 (Software Update) - AutoReboot | Mac |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) curl_7.81.0-1ubuntu1.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) curl_7.81.0-1ubuntu1.4_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) curl_7.58.0-2ubuntu3.20_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) curl_7.58.0-2ubuntu3.20_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) curl_7.68.0-1ubuntu2.13_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) curl_7.68.0-1ubuntu2.13_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) curl_7.74.0-1.3ubuntu2.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) curl_7.74.0-1.3ubuntu2.3_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl4_7.81.0-1ubuntu1.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl4_7.81.0-1ubuntu1.4_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl4_7.58.0-2ubuntu3.20_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl4_7.58.0-2ubuntu3.20_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl4_7.68.0-1ubuntu2.13_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl4_7.68.0-1ubuntu2.13_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl4_7.74.0-1.3ubuntu2.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl4_7.74.0-1.3ubuntu2.3_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-nss_7.81.0-1ubuntu1.6_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-nss_7.81.0-1ubuntu1.6_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-nss_7.58.0-2ubuntu3.21_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-nss_7.58.0-2ubuntu3.21_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-nss_7.68.0-1ubuntu2.14_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-nss_7.68.0-1ubuntu2.14_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-nss_7.74.0-1.3ubuntu2.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-nss_7.74.0-1.3ubuntu2.3_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-gnutls_7.81.0-1ubuntu1.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-gnutls_7.81.0-1ubuntu1.4_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-gnutls_7.58.0-2ubuntu3.20_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-gnutls_7.58.0-2ubuntu3.20_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-gnutls_7.68.0-1ubuntu2.13_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-gnutls_7.68.0-1ubuntu2.13_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-gnutls_7.74.0-1.3ubuntu2.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-gnutls_7.74.0-1.3ubuntu2.3_amd64.deb | Linux |
| curl security update(DSA-5197-1) curl_7.74.0-1.3+deb11u2_amd64.deb | Linux |
| (RHSA-2022:6159) curl security update curl-7.61.1-22.el8_6.4.x86_64.rpm | Linux |
| (RHSA-2022:6159) curl security update curl-debugsource-7.61.1-22.el8_6.4.i686.rpm | Linux |
| (RHSA-2022:6159) curl security update curl-debugsource-7.61.1-22.el8_6.4.x86_64.rpm | Linux |
| (RHSA-2022:6159) curl security update libcurl-7.61.1-22.el8_6.4.i686.rpm | Linux |
| (RHSA-2022:6159) curl security update libcurl-7.61.1-22.el8_6.4.x86_64.rpm | Linux |
| (RHSA-2022:6159) curl security update libcurl-devel-7.61.1-22.el8_6.4.i686.rpm | Linux |
| (RHSA-2022:6159) curl security update libcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm | Linux |
| (RHSA-2022:6159) curl security update libcurl-minimal-7.61.1-22.el8_6.4.i686.rpm | Linux |
| (RHSA-2022:6159) curl security update libcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm | Linux |
| Curl update (ELSA-2022-6159) curl-7.61.1-22.el8_6.4.x86_64.rpm | Linux |
| Libcurl update (ELSA-2022-6159) libcurl-7.61.1-22.el8_6.4.i686.rpm | Linux |
| Libcurl update (ELSA-2022-6159) libcurl-7.61.1-22.el8_6.4.x86_64.rpm | Linux |
| Libcurl-devel update (ELSA-2022-6159) libcurl-devel-7.61.1-22.el8_6.4.i686.rpm | Linux |
| Libcurl-devel update (ELSA-2022-6159) libcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm | Linux |
| Libcurl-minimal update (ELSA-2022-6159) libcurl-minimal-7.61.1-22.el8_6.4.i686.rpm | Linux |
| Libcurl-minimal update (ELSA-2022-6159) libcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm | Linux |
| curl security update (RLSA-2022:6159) curl-7.61.1-22.el8_6.4.x86_64.rpm | Linux |
| curl security update (RLSA-2022:6159) libcurl-7.61.1-22.el8_6.4.i686.rpm | Linux |
| curl security update (RLSA-2022:6159) libcurl-7.61.1-22.el8_6.4.x86_64.rpm | Linux |
| curl security update (RLSA-2022:6159) libcurl-devel-7.61.1-22.el8_6.4.i686.rpm | Linux |
| curl security update (RLSA-2022:6159) libcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm | Linux |
| curl security update (RLSA-2022:6159) libcurl-minimal-7.61.1-22.el8_6.4.i686.rpm | Linux |
| curl security update (RLSA-2022:6159) libcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm | Linux |
| Curl update (ELSA-2022-6157) curl-7.76.1-14.el9_0.5.x86_64.rpm | Linux |
| Curl-minimal update (ELSA-2022-6157) curl-minimal-7.76.1-14.el9_0.5.x86_64.rpm | Linux |
| Libcurl update (ELSA-2022-6157) libcurl-7.76.1-14.el9_0.5.i686.rpm | Linux |
| Libcurl update (ELSA-2022-6157) libcurl-7.76.1-14.el9_0.5.x86_64.rpm | Linux |
| Libcurl-devel update (ELSA-2022-6157) libcurl-devel-7.76.1-14.el9_0.5.i686.rpm | Linux |
| Libcurl-devel update (ELSA-2022-6157) libcurl-devel-7.76.1-14.el9_0.5.x86_64.rpm | Linux |
| Libcurl-minimal update (ELSA-2022-6157) libcurl-minimal-7.76.1-14.el9_0.5.i686.rpm | Linux |
| Libcurl-minimal update (ELSA-2022-6157) libcurl-minimal-7.76.1-14.el9_0.5.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-debugsource-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611833 | Mac OS - Ventura 13.7.8 (Software Update) (Auto Reboot) (CVE-2025-43300) |