{"id":"USN-5495-2","summary":"curl regression","details":"USN-5495-1 fixed vulnerabilities in curl. The fix for CVE-2022-32205\nmiscalculated the maximum cookie size, causing a regression. This update\nfixes the problem.\n\nOriginal advisory details:\n\n Harry Sintonen discovered that curl incorrectly handled certain cookies.\n An attacker could possibly use this issue to cause a denial of service.\n This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)\n\n Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.\n An attacker could possibly use this issue to cause a denial of service.\n (CVE-2022-32206)\n\n Harry Sintonen incorrectly handled certain file permissions.\n An attacker could possibly use this issue to expose sensitive information.\n This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)\n\n Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages.\n An attacker could possibly use this to perform a machine-in-the-middle attack.\n (CVE-2022-32208)\n","modified":"2026-04-22T10:25:48.533131Z","published":"2025-09-29T11:26:27Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5495-2"},{"type":"REPORT","url":"https://launchpad.net/bugs/2118865"}],"affected":[{"package":{"name":"curl","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.81.0-1ubuntu1.21"}]}],"versions":["7.74.0-1.3ubuntu2","7.74.0-1.3ubuntu3","7.80.0-3","7.81.0-1","7.81.0-1ubuntu1.1","7.81.0-1ubuntu1.2","7.81.0-1ubuntu1.3","7.81.0-1ubuntu1.4","7.81.0-1ubuntu1.6","7.81.0-1ubuntu1.7","7.81.0-1ubuntu1.8","7.81.0-1ubuntu1.10","7.81.0-1ubuntu1.11","7.81.0-1ubuntu1.13","7.81.0-1ubuntu1.14","7.81.0-1ubuntu1.15","7.81.0-1ubuntu1.16","7.81.0-1ubuntu1.17","7.81.0-1ubuntu1.18","7.81.0-1ubuntu1.19","7.81.0-1ubuntu1.20"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"7.81.0-1ubuntu1.21","binary_name":"curl"},{"binary_version":"7.81.0-1ubuntu1.21","binary_name":"libcurl3-gnutls"},{"binary_version":"7.81.0-1ubuntu1.21","binary_name":"libcurl3-nss"},{"binary_version":"7.81.0-1ubuntu1.21","binary_name":"libcurl4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5495-2.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:22.04:LTS"}}}],"schema_version":"1.7.5"}