curl can be told to parse a .netrc
file for credentials. If that file
endsin a line with 4095 consecutive non-white space letters and no newline,
curlwould first read past the end of the stack-based buffer, and if the
readworks, write a zero byte beyond its boundary.This will in most cases
cause a segfault or similar, but circumstances might also cause different
outcomes.If a malicious user can provide a custom netrc file to an
application or otherwise affect its contents, this flaw could be used as
denial-of-service.
Author | Note |
---|---|
alexmurray | Affects curl 7.84.0 to and including 7.85.0 |