cvedb.io
CVE-2022-35507
HIGH · CVSS 7.1
EPSS exploitation probability: 0%
Published 2022-12-04T19:15:09.850 · Last modified 2026-06-17T04:51:54.040

Summary

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3.

Affected products

proxmox — proxmox_mail_gateway

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.