Lucene search
Ubuntu.comUB:CVE-2022-35260HistoryOct 26, 2022 - 12:00 a.m.
CVE-2022-35260
2022-10-2600:00:00
ubuntu.com
ubuntu.com
14
0.002 Low
EPSS
Percentile
52.3%
curl can be told to parse a .netrc file for credentials. If that file
endsin a line with 4095 consecutive non-white space letters and no newline,
curlwould first read past the end of the stack-based buffer, and if the
readworks, write a zero byte beyond its boundary.This will in most cases
cause a segfault or similar, but circumstances might also cause different
outcomes.If a malicious user can provide a custom netrc file to an
application or otherwise affect its contents, this flaw could be used as
denial-of-service.
Notes
| Author | Note |
|---|---|
| alexmurray | Affects curl 7.84.0 to and including 7.85.0 |
Related
prion
prion
Stack overflow
2022-12-05 22:15:00
hackerone
hackerone
Internet Bug Bounty: CVE-2022-35260: .netrc parser out-of-bounds access
2022-10-27 15:19:47
curl: CVE-2022-35260: .netrc parser out-of-bounds access
2022-10-03 16:14:04
osv
osv
CVE-2022-35260
2022-12-05 22:15:10
cbl_mariner
cbl_mariner
CVE-2022-35260 affecting package tensorflow for versions less than 2.16.1-1
2024-04-17 22:02:46
veracode
veracode
Denial Of Service (DoS)
2022-10-26 11:37:04
cvelist
cvelist
CVE-2022-35260
2022-12-05 00:00:00
cve
cve
CVE-2022-35260
2022-12-05 22:15:00
debiancve
debiancve
CVE-2022-35260
2022-12-05 22:15:00
redhatcve
redhatcve
CVE-2022-35260
2022-10-26 17:23:37
alpinelinux
alpinelinux
CVE-2022-35260
2022-12-05 22:15:00
redos
redos
ROS-20221222-02
2022-12-22 00:00:00
nessus
nessus
FreeBSD : curl -- multiple vulnerabilities (0f99a30c-7b4b-11ed-9168-080027f5fec9)
2022-12-13 00:00:00
Amazon Linux 2022 : curl (ALAS2022-2022-246)
2022-12-09 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2022-299-01)
2022-10-27 00:00:00
Ubuntu: Security Advisory (USN-5702-1)
2022-10-27 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: curl-7.82.0-9.fc36
2022-10-30 21:00:40
[SECURITY] Fedora 35 Update: curl-7.79.1-7.fc35
2022-11-10 16:21:52
[SECURITY] Fedora 37 Update: curl-7.85.0-2.fc37
2022-11-10 22:54:26
ibm
ibm
amazon
amazon
Medium: curl
2022-12-01 20:31:00
slackware
slackware
[slackware-security] curl
2022-10-27 02:30:21
cloudfoundry
cloudfoundry
USN-5702-1: curl vulnerabilities | Cloud Foundry
2023-05-18 00:00:00
freebsd
freebsd
curl -- multiple vulnerabilities
2022-10-26 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-3.0-0480
2022-10-29 00:00:00
Critical Photon OS Security Update - PHSA-2022-0533
2022-10-28 00:00:00
Critical Photon OS Security Update - PHSA-2022-0271
2022-10-28 00:00:00
ics
ics
Siemens SINEC NMS Third-Party
2023-05-11 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
apple
apple
About the security content of macOS Monterey 12.6.3
2023-01-23 00:00:00
About the security content of macOS Ventura 13.2
2023-01-23 00:00:00
gentoo
gentoo
curl: Multiple Vulnerabilities
2022-12-19 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00