
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-32205 is a vulnerability in curl versions 7.71.0 to 7.83.1 in which a malicious server can serve an excessive number of Set-Cookie headers in an HTTP response. The vulnerability was discovered on May 13, 2022 and fixed in curl 7.84.0, released on June 27, 2022 (Curl Advisory).
The vulnerability occurs because curl stores all Set-Cookie headers received in a server response. A sufficiently large number of big cookies can make subsequent HTTP requests to matching servers exceed curl's internal request-size threshold of 1,048,576 bytes, causing curl to return an error. Because of cookie domain-matching rules, a server on foo.example.com can set cookies that also match bar.example.com, so a 'sister server' can cause a denial of service for sibling sites under the same second-level domain (Curl Advisory).
The result is a denial-of-service condition that can persist for as long as the cookies are kept, still match, and have not expired. It affects subsequent requests to the same server or to any other server the cookies match (Curl Advisory, NVD).
The vulnerability was fixed in curl 7.84.0 with several new limits: a maximum of 150 cookies per request, an 8K cap on the length of the outgoing Cookie header, and a maximum of 50 accepted Set-Cookie header fields. Users should upgrade to curl 7.84.0 or later, apply the available patches, or, as a workaround, avoid using cookies (Curl Advisory).
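To make the mechanism above concrete, here is a simplified model written for this page (it is not curl's own code): it applies cookie tail matching, shows how an unbounded cookie store lets the outgoing Cookie header push a request past the 1,048,576-byte threshold, and shows how the 7.84.0 caps (50 Set-Cookie per response, 150 cookies per request, 8K header) bound it. The precise way curl trims an oversized header and the foo/bar.example.com scenario in `simulate` are constructed assumptions of the model.

```python
from dataclasses import dataclass, field

REQUEST_LIMIT = 1_048_576            # curl's internal threshold for one HTTP request
MAX_SET_COOKIE_PER_RESPONSE = 50     # caps introduced in curl 7.84.0 (see text)
MAX_COOKIES_PER_REQUEST = 150
MAX_COOKIE_HEADER = 8192

def domain_matches(cookie_domain: str, host: str) -> bool:
    # Cookie tail match: 'example.com' covers 'bar.example.com' but not 'notexample.com'
    cookie_domain, host = cookie_domain.lstrip(".").lower(), host.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)

@dataclass
class CookieStore:
    hardened: bool                              # False models curl 7.71.0 to 7.83.1
    jar: list = field(default_factory=list)     # (name, value, domain) tuples

    def accept_response(self, host: str, set_cookie_headers: list) -> int:
        """Store one response's Set-Cookie headers; returns how many were kept."""
        limit = MAX_SET_COOKIE_PER_RESPONSE if self.hardened else None  # 7.84.0: ignore the rest
        for header in set_cookie_headers[:limit]:
            pair, *attrs = (p.strip() for p in header.split(";"))
            name, _, value = pair.partition("=")
            attrs = {k.lower(): v for k, _, v in (a.partition("=") for a in attrs)}
            wanted = attrs.get("domain", host)  # Domain= is honoured only if it covers host
            domain = wanted.lstrip(".") if domain_matches(wanted, host) else host
            self.jar.append((name, value, domain))
        return len(set_cookie_headers[:limit])

    def cookie_header(self, host: str) -> str:
        """Build the outgoing Cookie: header for a request to host."""
        matching = [(n, v) for n, v, d in self.jar if domain_matches(d, host)]
        matching = matching[:MAX_COOKIES_PER_REQUEST if self.hardened else None]  # 7.84.0 cap
        parts, size = [], len("Cookie: ")
        for name, value in matching:
            size += len(name) + len(value) + 3  # "name=value; "
            if self.hardened and size > MAX_COOKIE_HEADER:
                break                           # modelled 8K cap: stop adding (assumption)
            parts.append(f"{name}={value}")
        return "Cookie: " + "; ".join(parts) if parts else ""

def request_fits(store: CookieStore, host: str) -> bool:
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\n{store.cookie_header(host)}\r\n\r\n"
    return len(request) <= REQUEST_LIMIT   # pre-fix failure mode: above this curl errors out

def simulate(hardened: bool, count: int = 300, value_len: int = 4000) -> bool:
    """Constructed scenario: foo.example.com sets `count` large example.com cookies;
    can a later request to the sibling bar.example.com still be sent?"""
    store = CookieStore(hardened)
    headers = [f"c{i}={'x' * value_len}; Domain=example.com" for i in range(count)]
    store.accept_response("foo.example.com", headers)
    return request_fits(store, "bar.example.com")
```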
Source: This report was generated using AI