Bug 2135412 (CVE-2022-35260) - CVE-2022-35260 curl: .netrc parser out-of-bounds access
Summary: CVE-2022-35260 curl: .netrc parser out-of-bounds access
Keywords:
Status: NEW
Alias: CVE-2022-35260
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2135407
TreeView+ depends on / blocked
 
Reported: 2022-10-17 15:11 UTC by Marian Rehak
Modified: 2022-10-28 13:12 UTC (History)
15 users (show)

Fixed In Version: curl 7.86.0
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in curl. The issue occurs when curl is told to parse a `.netrc` file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, it can write a zero byte beyond its boundary. This issue, in most cases, causes a segfault or similar problem. A denial of service can occur if a malicious user can provide a custom netrc file to an application or otherwise affect its contents.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Marian Rehak 2022-10-17 15:11:16 UTC
curl can be told to parse a `.netrc` file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, write a zero byte possibly beyond its boundary. This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes. If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.

Reference:

https://curl.se/docs/CVE-2022-35260.html


Note You need to log in before you can comment on or make changes to this bug.