CVE-2022-35252: 
Splunk Forwarder vulnerability analysis and mitigation

The vulnerability CVE-2022-35252 affects curl versions 4.9 through 7.84.0. When curl is used to retrieve and parse cookies from an HTTP(S) server, it accepts cookies containing control codes (byte values below 32). When these cookies are later sent back to an HTTP(S) server, it might cause the server to return a 400 response, effectively allowing a "sister site" to deny service to siblings (Curl Advisory).

The vulnerability was initially introduced in curl 4.9. The flaw involves the cookie parsing mechanism accepting control codes in cookies, which wasn't problematic with older HTTP servers but became an issue as servers began rejecting requests containing these control codes. The vulnerability is classified as CWE-1286: Improper Validation of Syntactic Correctness of Input, with a CVSS score of 3.7 (LOW) (Curl Advisory, NVD).

When successfully exploited, this vulnerability can lead to a Denial of Service (DoS) condition. The attack vector involves a malicious site setting cookies with control codes that, when sent to other sites, cause HTTP servers to reject the requests with 400 responses (Curl Advisory).

The vulnerability was fixed in curl version 7.85.0. Users are recommended to upgrade to this version or later. If upgrading is not immediately possible, users can disable the cookie engine as a workaround. The fix was implemented through a patch that addresses the cookie parsing mechanism (Curl Advisory).