A flaw in curl's cookie parsing logic allows a malicious HTTP server to set "super cookies" that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl will subsequently scope and transmit to unrelated third-party domains.
{
"binaries": [
{
"binary_name": "curl",
"binary_version": "7.81.0-1ubuntu1.25"
},
{
"binary_name": "libcurl3-gnutls",
"binary_version": "7.81.0-1ubuntu1.25"
},
{
"binary_name": "libcurl3-nss",
"binary_version": "7.81.0-1ubuntu1.25"
},
{
"binary_name": "libcurl4",
"binary_version": "7.81.0-1ubuntu1.25"
}
],
"priority_reason": "Upstream defined this as low severity",
"availability": "No subscription required"
}{
"binaries": [
{
"binary_name": "curl",
"binary_version": "8.5.0-2ubuntu10.10"
},
{
"binary_name": "libcurl3t64-gnutls",
"binary_version": "8.5.0-2ubuntu10.10"
},
{
"binary_name": "libcurl4t64",
"binary_version": "8.5.0-2ubuntu10.10"
}
],
"priority_reason": "Upstream defined this as low severity",
"availability": "No subscription required"
}{
"binaries": [
{
"binary_name": "curl",
"binary_version": "8.14.1-2ubuntu1.4"
},
{
"binary_name": "libcurl3t64-gnutls",
"binary_version": "8.14.1-2ubuntu1.4"
},
{
"binary_name": "libcurl4t64",
"binary_version": "8.14.1-2ubuntu1.4"
}
],
"priority_reason": "Upstream defined this as low severity",
"availability": "No subscription required"
}{
"binaries": [
{
"binary_name": "curl",
"binary_version": "8.18.0-1ubuntu2.2"
},
{
"binary_name": "libcurl3t64-gnutls",
"binary_version": "8.18.0-1ubuntu2.2"
},
{
"binary_name": "libcurl4t64",
"binary_version": "8.18.0-1ubuntu2.2"
}
],
"priority_reason": "Upstream defined this as low severity",
"availability": "No subscription required"
}{
"binaries": [
{
"binary_name": "curl",
"binary_version": "7.47.0-1ubuntu2.19+esm16"
},
{
"binary_name": "libcurl3",
"binary_version": "7.47.0-1ubuntu2.19+esm16"
},
{
"binary_name": "libcurl3-gnutls",
"binary_version": "7.47.0-1ubuntu2.19+esm16"
},
{
"binary_name": "libcurl3-nss",
"binary_version": "7.47.0-1ubuntu2.19+esm16"
}
],
"priority_reason": "Upstream defined this as low severity",
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"
}{
"binaries": [
{
"binary_name": "curl",
"binary_version": "7.58.0-2ubuntu3.24+esm9"
},
{
"binary_name": "libcurl3-gnutls",
"binary_version": "7.58.0-2ubuntu3.24+esm9"
},
{
"binary_name": "libcurl3-nss",
"binary_version": "7.58.0-2ubuntu3.24+esm9"
},
{
"binary_name": "libcurl4",
"binary_version": "7.58.0-2ubuntu3.24+esm9"
}
],
"priority_reason": "Upstream defined this as low severity",
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}{
"binaries": [
{
"binary_name": "curl",
"binary_version": "7.68.0-1ubuntu2.25+esm4"
},
{
"binary_name": "libcurl3-gnutls",
"binary_version": "7.68.0-1ubuntu2.25+esm4"
},
{
"binary_name": "libcurl3-nss",
"binary_version": "7.68.0-1ubuntu2.25+esm4"
},
{
"binary_name": "libcurl4",
"binary_version": "7.68.0-1ubuntu2.25+esm4"
}
],
"priority_reason": "Upstream defined this as low severity",
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}