CVE | CVE-2022-35260 |
CVE Ordinal Value | 240826 |
Published Date | 2022-12-05T22:15Z |
Modified Date | 2022-12-13T18:40Z |
CWE Type | CWE-787 |
CVSS 3.x | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Description | curl can be told to parse a `.netrc` file for credentials. If that file ends in a line with 4095 consecutive non-white space letters and no newline, curl would first read past the end of the stack-based buffer, and if the read works, write a zero byte beyond its boundary. This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes. If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. |
References | |
Reference URL | https://hackerone.com/reports/1721098 |
Reference Description | MISC https://hackerone.com/reports/1721098 |
Tags | Exploit Patch Third Party Advisory |
Sources | NIST MITRE |