{"id":"CURL-CVE-2014-3620","summary":"cookie leak for TLDs","details":"libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus\nmaking them apply more broadly than cookies are allowed to. This can allow arbitrary\nsites to set cookies that would then get sent to a different and unrelated\nsite or domain.","aliases":["CVE-2014-3620"],"modified":"2024-06-07T13:53:51Z","published":"2014-09-10T08:00:00Z","database_specific":{"affects":"both","last_affected":"7.37.1","package":"curl","URL":"https://curl.se/docs/CVE-2014-3620.json","CWE":{"desc":"Information Exposure Through Sent Data","id":"CWE-201"},"severity":"High","www":"https://curl.se/docs/CVE-2014-3620.html"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.31.0"},{"fixed":"7.38.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"85b9dc80232d1d7d48ee4dea6db5a2263ee68efd"},{"fixed":"a76825a5efa6b41d3a1d4f275dada2f017f6f566"}]}],"versions":["7.37.1","7.37.0","7.36.0","7.35.0","7.34.0","7.33.0","7.32.0","7.31.0"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2014-3620.json","vanir_signatures":[{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["37427175837161603727402837893850884207","57078580031252356122054128959790165040","57610869871746178693586270261540026008","264650330124006555882506950221627293740","158063382807229582267971963380867257653","127624980743193691609132514435589490983","303745661566892262755879777628873642030"],"threshold":0.9},"source":"https://github.com/curl/curl.git/commit/a76825a5efa6b41d3a1d4f275dada2f017f6f566","id":"CURL-CVE-2014-3620-0bc9e96c","signature_type":"Line","target":{"file":"lib/cookie.c"}},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"278933965437113816845312027126601948095","length":7230},"source":"https://github.com/curl/curl.git/commit/a76825a5efa6b41d3a1d4f275dada2f017f6f566","id":"CURL-CVE-2014-3620-571995f9","signature_type":"Function","target":{"fil
e":"lib/cookie.c","function":"Curl_cookie_add"}}]}}],"schema_version":"1.7.3","credits":[{"name":"Tim Ruehsen","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}