CVE-2022-35260
published 2022-12-05
Priority: P4 | 31 | medium | 6.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
EPSS
1.76%
75.1th percentile
curl can be told to parse a `.netrc` file for credentials. If that file ends in a line with 4095 consecutive non-white space letters and no newline, curl would first read past the end of the stack-based buffer, and if the read works, write a zero byte beyond its boundary. This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes. If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | < 12.6.3 | 12.6.3 |
| apple | macos_monterey | — | — |
| apple | macos_ventura | — | — |
| debian | curl | < curl 7.86.0-1 (bookworm) | curl 7.86.0-1 (bookworm) |
| haxx | curl | >= 0 < 7.86.0-1 | 7.86.0-1 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.21 | 7.58.0-2ubuntu3.21 |
| haxx | curl | >= 0 < 7.68.0-1ubuntu2.14 | 7.68.0-1ubuntu2.14 |
| haxx | curl | >= 0 < 7.81.0-1ubuntu1.6 | 7.81.0-1ubuntu1.6 |
| haxx | curl | >= 7.84.0 < 7.86.0 | 7.86.0 |
| https | github.com_curl_curl | — | — |
| msrc | azl3_tensorflow_2.11.1-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_tensorflow_2.16.1-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_tensorflow_2.11.1-2_on_cbl_mariner_2.0 | — | — |
| splunk | universal_forwarder | — | — |
| splunk | universal_forwarder | >= 8.2.0 < 8.2.12 | 8.2.12 |
| splunk | universal_forwarder | >= 9.0.0 < 9.0.6 | 9.0.6 |
CVSS provenance
nvd: v3.1, 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv: 9.8 CRITICAL
vendor_ubuntu: 9.8 CRITICAL
vendor_debian: 6.5 MEDIUM
vendor_msrc: 6.5 MEDIUM
vendor_redhat: 6.5 MEDIUM
CISA ICS
Siemens SINEC NMS Third-Party
cisa_ics·2023-05-11·CVSS 9.8
[CRITICAL] Siemens SINEC NMS Third-Party
ICS Advisory
## Siemens SINEC NMS Third-Party
Release Date: May 11, 2023
Alert Code: ICSA-23-131-05
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Third-party components libexpat and libcurl in SINEC NMS
- Vulnerabilities: Expected Behavior Violation, Improper Validation of Syntactic Correctness of Input, Stack-based Buffer Overflow, Use After Free, Double Free, Cleartext Tran
Apple
CVE-2023-23513: macOS Ventura 13.2
vendor_apple·2023-01-23·CVSS 6.5
CVE-2023-23513 [MEDIUM] CVE-2023-23513: macOS Ventura 13.2
Apple Security Update: About the security content of macOS Ventura 13.2
Product: macOS Ventura
Version: 13.2
CVE: CVE-2023-23513
Component: CVE-2022-35260
Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
Apple
CVE-2023-23539: macOS Ventura 13.2
vendor_apple·2023-01-23·CVSS 6.5
CVE-2023-23539 [MEDIUM] CVE-2023-23539: macOS Ventura 13.2
Apple Security Update: About the security content of macOS Ventura 13.2
Product: macOS Ventura
Version: 13.2
CVE: CVE-2023-23539
Component: CVE-2022-35260
Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
Apple
CVE-2022-35260: macOS Ventura 13.2
vendor_apple·2023-01-23·CVSS 6.5
CVE-2022-35260 [MEDIUM] CVE-2022-35260: macOS Ventura 13.2
Apple Security Update: About the security content of macOS Ventura 13.2
Product: macOS Ventura
Version: 13.2
CVE: CVE-2022-35260
Component: CVE-2022-35260
Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
Apple
CVE-2022-35260: macOS Monterey 12.6.3
vendor_apple·2023-01-23·CVSS 6.5
CVE-2022-35260 [MEDIUM] CVE-2022-35260: macOS Monterey 12.6.3
Apple Security Update: About the security content of macOS Monterey 12.6.3
Product: macOS Monterey
Version: 12.6.3
CVE: CVE-2022-35260
Component: CVE-2022-35260
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl version 7.85.0.
Microsoft
curl can be told to parse a `.netrc` file for credentials. If that file ends in a line with 4095 consecutive non-white space letters and no newline curl would first read past the end of the stack-based
vendor_msrc·2022-12-13·CVSS 6.5
CVE-2022-35260 [MEDIUM] CWE-787 curl can be told to parse a `.netrc` file for credentials. If that file ends in a line with 4095 consecutive non-white space letters and no newline curl would first read past the end of the stack-based
curl can be told to parse a `.netrc` file for credentials. If that file ends in a line with 4095 consecutive non-white space letters and no newline curl would first read past the end of the stack-based buffer and if the read works write a zero byte beyond its boundary. This will in most cases cause a segfault or similar but circumstances might also cause different outcomes. If a malicious user can provide a custom netrc file to an application or otherwise affect its contents this flaw could be used as denial-of-service.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the
Red Hat
curl: .netrc parser out-of-bounds access
vendor_redhat·2022-10-26·CVSS 6.5
CVE-2022-35260 [MEDIUM] CWE-121 curl: .netrc parser out-of-bounds access
curl: .netrc parser out-of-bounds access
curl can be told to parse a `.netrc` file for credentials. If that file ends in a line with 4095 consecutive non-white space letters and no newline, curl would first read past the end of the stack-based buffer, and if the read works, write a zero byte beyond its boundary. This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes. If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.
A vulnerability was found in curl. The issue occurs when curl is told to parse a `.netrc` file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of th
Ubuntu
curl vulnerabilities
vendor_ubuntu·2022-10-26·CVSS 9.8
CVE-2022-32221 [CRITICAL] curl vulnerabilities
Title: curl vulnerabilities
Summary: Several security issues were fixed in curl.
Robby Simpson discovered that curl incorrectly handled certain POST
operations after PUT operations. This issue could cause applications using
curl to send the wrong data, perform incorrect memory operations, or crash.
(CVE-2022-32221)
Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc
files. If an attacker were able to provide a specially crafted .netrc file,
this issue could cause curl to crash, resulting in a denial of service.
This issue only affected Ubuntu 22.10. (CVE-2022-35260)
It was discovered that curl incorrectly handled certain HTTP proxy return
codes. A remote attacker could use this issue to cause curl to crash,
resulting in a denial of service, or possibly execute arbit
Debian
CVE-2022-35260: curl - curl can be told to parse a `.netrc` file for credentials. If that file ends in a...
vendor_debian·2022·CVSS 6.5
CVE-2022-35260 [MEDIUM] CVE-2022-35260: curl - curl can be told to parse a `.netrc` file for credentials. If that file ends in a...
curl can be told to parse a `.netrc` file for credentials. If that file ends in a line with 4095 consecutive non-white space letters and no newline, curl would first read past the end of the stack-based buffer, and if the read works, write a zero byte beyond its boundary. This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes. If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.
Scope: local
bookworm: resolved (fixed in 7.86.0-1)
bullseye: resolved
forky: resolved (fixed in 7.86.0-1)
sid: resolved (fixed in 7.86.0-1)
trixie: resolved (fixed in 7.86.0-1)
GHSA
GHSA-pv52-98qj-pq55: curl can be told to parse a `
ghsa_unreviewed·2022-12-06
CVE-2022-35260 [MEDIUM] CWE-125 GHSA-pv52-98qj-pq55: curl can be told to parse a `
curl can be told to parse a `.netrc` file for credentials. If that file ends in a line with 4095 consecutive non-white space letters and no newline, curl would first read past the end of the stack-based buffer, and if the read works, write a zero byte beyond its boundary. This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes. If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.
OSV
CVE-2022-35260: curl can be told to parse a `
osv·2022-12-05·CVSS 6.5
CVE-2022-35260 [MEDIUM] CVE-2022-35260: curl can be told to parse a `
curl can be told to parse a `.netrc` file for credentials. If that file ends in a line with 4095 consecutive non-white space letters and no newline, curl would first read past the end of the stack-based buffer, and if the read works, write a zero byte beyond its boundary. This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes. If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.
OSV
curl vulnerabilities
osv·2022-10-26·CVSS 9.8
CVE-2022-32221 [CRITICAL] curl vulnerabilities
curl vulnerabilities
Robby Simpson discovered that curl incorrectly handled certain POST
operations after PUT operations. This issue could cause applications using
curl to send the wrong data, perform incorrect memory operations, or crash.
(CVE-2022-32221)
Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc
files. If an attacker were able to provide a specially crafted .netrc file,
this issue could cause curl to crash, resulting in a denial of service.
This issue only affected Ubuntu 22.10. (CVE-2022-35260)
It was discovered that curl incorrectly handled certain HTTP proxy return
codes. A remote attacker could use this issue to cause curl to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS, and Ubu
No detection rules found.
No public exploits indexed.
HackerOne
CVE-2022-35260: .netrc parser out-of-bounds access
hackerone·2022-12-03·CVSS 6.5
CVE-2022-35260 [MEDIUM] CVE-2022-35260: .netrc parser out-of-bounds access
CVE-2022-35260: .netrc parser out-of-bounds access
Original Report: https://hackerone.com/reports/1721098
## Impact
If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.
### CVE-2022-35260: .netrc parser out-of-bounds access
### VULNERABILITY
curl can be told to parse a .netrc file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, write a zero byte possibly beyond its boundary.
This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.
If a malicious user can provide a custom netrc file to an application or otherw
HackerOne
CVE-2022-35260: .netrc parser out-of-bounds access
hackerone·2022-10-27·CVSS 6.5
CVE-2022-35260 [MEDIUM] CVE-2022-35260: .netrc parser out-of-bounds access
CVE-2022-35260: .netrc parser out-of-bounds access
## Summary:
Curl expects the .netrc file to have space characters. So if there is no space character, it will do an out-of-bounds read and a 1-byte out-of-bounds write.
This can happen multiple times depending on the state of the memory.
## Steps To Reproduce:
`curl --netrc-file .netrc test.local`
".netrc" is attached.
The content is 'a' for 4095 bytes.
Depending on memory conditions, even single-byte files can cause problems.
It's not exactly just spaces and newlines.
The condition is that the .netrc file does not contain characters for which ISSPACE() returns true (so it is also a condition that there is no line feed code).
There is a problem with parsenetrc() in lib/netrc.c.
parsenetrc() has the following loop.
```
while(!done && fg
```
arXiv
On NVD Users' Attitudes, Experiences, Hopes and Hurdles
arxiv_fulltext·2024-09-19
On NVD Users' Attitudes, Experiences, Hopes and Hurdles
On NVD Users' Attitudes, Experiences, Hopes and Hurdles
Authors' version; to appear in ACM DTRAP Special Issue on IMF 2024
Julia Wunder, Alan Corona, Andreas Hammer, Zinaida Benenson
IT Security Infrastructures Lab, Friedrich-Alexander Universität Erlangen-Nürnberg (FAU), Erlangen, Germany
## Abstract
The National Vulnerability Database (NVD) is a major vulnerability dat
http://seclists.org/fulldisclosure/2023/Jan/19
http://seclists.org/fulldisclosure/2023/Jan/20
https://hackerone.com/reports/1721098
https://security.gentoo.org/glsa/202212-01
https://security.netapp.com/advisory/ntap-20230110-0006/
https://support.apple.com/kb/HT213604
https://support.apple.com/kb/HT213605
2022-12-05
Published