Tagged articles
3 articles
MaGe Linux Operations
Mar 19, 2023 · Information Security

How a 23‑Year‑Old Curl Bug Exposed Cookie Security Flaws

The article recounts the 23.9‑year‑long curl vulnerability discovered by Daniel Stenberg, detailing the early implementation of cookie handling, the challenges of dual cookie syntax, the security bug involving control‑code cookies, and the eventual fix released after nearly nine thousand days.

CVE · Cookie · HTTP
10 min read
Open Source Linux
Oct 23, 2022 · Information Security

How a 23‑Year‑Old Curl Cookie Bug Evaded Detection Until 2022

This article recounts the 23.9‑year lifespan of a curl cookie handling vulnerability, tracing its origins in 1998, the evolution of cookie specifications, the discovery of the CVE‑2022‑35252 bug, and the eventual fix that finally eliminated the flaw after nearly 9,000 days.

CVE · Cookie · HTTP
9 min read
Liangxu Linux
Oct 20, 2022 · Information Security

Why a 23‑Year‑Old curl Cookie Bug Went Unnoticed Until 2022

The article recounts how a flaw introduced in curl 4.9's cookie engine in 1998 persisted for 23.9 years, why the dual‑syntax cookie RFC caused confusion, how the bug allowed control‑character cookies to be sent, and how a simple reject‑bytes patch finally fixed CVE‑2022‑35252.

CVE-2022-35252 · Cookie · HTTP
10 min read