Bug 2135412 (CVE-2022-35260)

Summary: CVE-2022-35260 curl: .netrc parser out-of-bounds access
Product: [Other] Security Response Reporter: Marian Rehak <mrehak>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: csutherl, dffrench, gzaronik, jburrell, jclere, jwon, kdudka, mturk, ngough, peholase, pjindal, plodge, rgodfrey, szappis
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: curl 7.86.0 Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in curl. The issue occurs when curl is told to parse a `.netrc` file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, it can write a zero byte beyond its boundary. This issue, in most cases, causes a segfault or similar problem. A denial of service can occur if a malicious user can provide a custom netrc file to an application or otherwise affect its contents.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2135407    

Description Marian Rehak 2022-10-17 15:11:16 UTC
curl can be told to parse a `.netrc` file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, write a zero byte possibly beyond its boundary. This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes. If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.

Reference:

https://curl.se/docs/CVE-2022-35260.html