N/A

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.

N/A

不加限制或调节的资源分配

curl 资源管理错误漏洞

curl是一款用于从服务器传输数据或向服务器传输数据的工具。 curl 7.71.0版本到7.83.1版本存在资源管理错误漏洞，该漏洞源于curl对于生成的HTTP请求中Set-Cookie大小缺少限制。攻击者利用该漏洞可以实现拒绝服务攻击。

N/A

N/A