Fixed
Created: Jun 27, 2022
Updated: Mar 23, 2023
Resolved Date: Mar 4, 2023
Found In Version: 10.18.44.1
Fix Version: 10.18.44.29
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Userspace
curl < 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable links in this decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a malloc bomb, makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
https://nvd.nist.gov/vuln/detail/CVE-2022-32206
