Showing 1 - 3 of 3

CVE-2022-35260

Status Candidate

Overview

curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.

Related Files

Apple Security Advisory 2023-01-23-5: Posted Jan 24, 2023; Authored by Apple | Site apple.com; Apple Security Advisory 2023-01-23-5 - macOS Monterey 12.6.3 addresses buffer overflow, bypass, code execution, and information leakage vulnerabilities.; tags | advisory, overflow, vulnerability, code execution; systems | apple; advisories | CVE-2022-32221, CVE-2022-32915, CVE-2022-35252, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2023-23493, CVE-2023-23497, CVE-2023-23499, CVE-2023-23502, CVE-2023-23504, CVE-2023-23505, CVE-2023-23507, CVE-2023-23508; SHA-256 | 86dd9b786a0318174acd539801f6e3fe6a86591529277185d71eb7e9e3237c4d; Download | Favorite | View

Apple Security Advisory 2023-01-23-4: Posted Jan 24, 2023; Authored by Apple | Site apple.com; Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.; tags | advisory, overflow, vulnerability, code execution; systems | apple; advisories | CVE-2022-32221, CVE-2022-35260, CVE-2022-3705, CVE-2022-42915, CVE-2022-42916, CVE-2023-23493, CVE-2023-23496, CVE-2023-23497, CVE-2023-23498, CVE-2023-23499, CVE-2023-23500, CVE-2023-23501, CVE-2023-23502, CVE-2023-23503; SHA-256 | 0cd5bf89e176e4c213da4d53018a83b92e2203a6e71bf12d7a356eea1213909b; Download | Favorite | View

Ubuntu Security Notice USN-5702-1: Posted Oct 27, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5702-1 - Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916; SHA-256 | abce9130e44a5745556c40692b098b2f27521fb7fe9f2336f2ae1e79874e5e67; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 274 files
indoushka 183 files
Ubuntu 92 files
Gentoo 32 files
Debian 18 files
malvuln 13 files
Frederik Beimgraben 11 files
Chris Beiter 11 files
Matthias Deeg 11 files
Apple 10 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,130)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,401)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,936)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,885)
UNIX (9,462)
UnixWare (188)
Windows (6,782)
Other

CVE-2022-35260

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems