Showing 1 - 3 of 3

CVE-2022-35260

Status Candidate

Overview

curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.

Related Files

Apple Security Advisory 2023-01-23-5: Posted Jan 24, 2023; Authored by Apple | Site apple.com; Apple Security Advisory 2023-01-23-5 - macOS Monterey 12.6.3 addresses buffer overflow, bypass, code execution, and information leakage vulnerabilities.; tags | advisory, overflow, vulnerability, code execution; systems | apple; advisories | CVE-2022-32221, CVE-2022-32915, CVE-2022-35252, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2023-23493, CVE-2023-23497, CVE-2023-23499, CVE-2023-23502, CVE-2023-23504, CVE-2023-23505, CVE-2023-23507, CVE-2023-23508; SHA-256 | 86dd9b786a0318174acd539801f6e3fe6a86591529277185d71eb7e9e3237c4d; Download | Favorite | View

Apple Security Advisory 2023-01-23-4: Posted Jan 24, 2023; Authored by Apple | Site apple.com; Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.; tags | advisory, overflow, vulnerability, code execution; systems | apple; advisories | CVE-2022-32221, CVE-2022-35260, CVE-2022-3705, CVE-2022-42915, CVE-2022-42916, CVE-2023-23493, CVE-2023-23496, CVE-2023-23497, CVE-2023-23498, CVE-2023-23499, CVE-2023-23500, CVE-2023-23501, CVE-2023-23502, CVE-2023-23503; SHA-256 | 0cd5bf89e176e4c213da4d53018a83b92e2203a6e71bf12d7a356eea1213909b; Download | Favorite | View

Ubuntu Security Notice USN-5702-1: Posted Oct 27, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5702-1 - Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916; SHA-256 | abce9130e44a5745556c40692b098b2f27521fb7fe9f2336f2ae1e79874e5e67; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2022-35260

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems