{"id":"USN-2346-1","summary":"curl vulnerabilities","details":"Tim Ruehsen discovered that curl incorrectly handled partial literal IP\naddresses. This could lead to the disclosure of cookies to the wrong site,\nand malicious sites being able to set cookies for others. (CVE-2014-3613)\n\nTim Ruehsen discovered that curl incorrectly allowed cookies to be set\nfor Top Level Domains (TLDs). This could allow a malicious site to set a\ncookie that gets sent to other sites. (CVE-2014-3620)\n","modified":"2026-02-10T04:40:50Z","published":"2014-09-15T12:26:17Z","related":["UBUNTU-CVE-2014-3613","UBUNTU-CVE-2014-3620"],"upstream":["CVE-2014-3613","CVE-2014-3620","UBUNTU-CVE-2014-3613","UBUNTU-CVE-2014-3620"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2346-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3613"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3620"}],"affected":[{"package":{"name":"curl","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/curl@7.35.0-1ubuntu2.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.35.0-1ubuntu2.1"}]}],"versions":["7.32.0-1ubuntu1","7.33.0-1ubuntu1","7.34.0-1ubuntu1","7.35.0-1ubuntu1","7.35.0-1ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_name":"curl","binary_version":"7.35.0-1ubuntu2.1"},{"binary_name":"libcurl3","binary_version":"7.35.0-1ubuntu2.1"},{"binary_name":"libcurl3-gnutls","binary_version":"7.35.0-1ubuntu2.1"},{"binary_name":"libcurl3-nss","binary_version":"7.35.0-1ubuntu2.1"},{"binary_name":"libcurl4-gnutls-dev","binary_version":"7.35.0-1ubuntu2.1"},{"binary_name":"libcurl4-nss-dev","binary_version":"7.35.0-1ubuntu2.1"},{"binary_name":"libcurl4-openssl-dev","binary_version":"7.35.0-1ubuntu2.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2346-1.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-3613"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-3620"}]}}}],"schema_version":"1.7.3"}