Severity
6.5 MEDIUM
EPSS
0.3%
top 51.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 5
Latest update: Jan 23

Description

curl can be told to parse a `.netrc` file for credentials. If that file ends in a line with 4095 consecutive non-white space letters and no newline, curl would first read past the end of the stack-based buffer, and if the read works, write a zero byte beyond its boundary. This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes. If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be u
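The defect class the description refers to, as an added example in C that is not curl's own code: a simplified model of a fixed-size line reader that "completes" a newline-less final line by appending a newline and a NUL without checking for room, beside a bounded version that fails closed, plus a triage check that tests a .netrc image for the trigger shape the advisory states (last line without a newline, 4095 consecutive non-whitespace bytes). The function names, the use of 4096 as the buffer size (4095 characters plus terminator) and the sample .netrc content are this example's own assumptions.

```c
/* Constructed model of the defect class behind CVE-2022-35260 (not curl's source):
 * a fixed-size line buffer is filled fgets-style and, when the input ends without a
 * newline, "completed" by appending '\n' and '\0'. A 4096-byte buffer holds 4095 bytes
 * plus NUL, so a final 4095-byte line puts that '\0' at index 4096, one past the end.
 * Function names, the 4096 buffer size and the sample .netrc are assumptions. */
#include <stdlib.h>
#include <string.h>

#define LINE_CAP    4096            /* assumed buffer size: 4095 characters + NUL */
#define TRIGGER_RUN (LINE_CAP - 1)  /* 4095 non-whitespace bytes, per the advisory */

static int is_ws(char c) { return c == ' ' || c == '\t' || c == '\r'; }

/* Triage check on a .netrc image: returns 1 if the last line has no newline and
 * contains at least TRIGGER_RUN consecutive non-whitespace bytes, else 0. */
int netrc_trigger_check(const char *data, size_t n)
{
    size_t start, i, run = 0, best = 0;
    if (n == 0 || data[n - 1] == '\n')
        return 0;                   /* file ends with a newline: not the trigger shape */
    for (start = n; start > 0 && data[start - 1] != '\n'; start--) {}  /* last line */
    for (i = start; i < n; i++) {
        run = is_ws(data[i]) ? 0 : run + 1;
        if (run > best) best = run;
    }
    return best >= TRIGGER_RUN;
}

/* fgets-like fill: copy at most cap-1 bytes, stop after '\n', NUL-terminate. */
static size_t fill_line(const char *src, size_t n, char *buf, size_t cap)
{
    size_t i = 0;
    while (i < n && i < cap - 1) { buf[i] = src[i]; if (src[i++] == '\n') break; }
    buf[i] = '\0';
    return i;
}

/* The bug class: a line with no '\n' gets "\n\0" appended with no room check, so with
 * rlen == cap-1 the NUL lands at buf[cap]. Returns the highest index written; to observe
 * the overrun without undefined behaviour, back buf with more than cap bytes. */
size_t read_line_unsafe(const char *src, size_t n, char *buf, size_t cap)
{
    size_t rlen = fill_line(src, n, buf, cap);
    if (rlen == 0 || buf[rlen - 1] != '\n') {
        buf[rlen] = '\n';
        buf[rlen + 1] = '\0';       /* off by one when rlen == cap - 1 */
        return rlen + 1;
    }
    return rlen;
}

/* Hardened version: a newline-less line that leaves no room for "\n\0" is rejected
 * (return -1, buffer emptied) instead of being terminated past the end. */
int read_line_safe(const char *src, size_t n, char *buf, size_t cap)
{
    size_t rlen = fill_line(src, n, buf, cap);
    if (rlen == 0 || buf[rlen - 1] != '\n') {
        if (rlen + 1 >= cap) { buf[0] = '\0'; return -1; }   /* would need buf[cap] */
        buf[rlen] = '\n';
        buf[rlen + 1] = '\0';
    }
    return (int)rlen;
}

/* Constructed one-entry .netrc whose final line is `run` bytes of 'a', with or without
 * a trailing newline, run through the triage check. */
int trigger_on(size_t run, int trailing_newline)
{
    static const char head[] = "machine example.test\n";
    size_t hl = sizeof(head) - 1, n = hl + run;
    char *d = malloc(n + 1);
    memcpy(d, head, hl);
    memset(d + hl, 'a', run);
    if (trailing_newline) d[n++] = '\n';
    int r = netrc_trigger_check(d, n);
    free(d);
    return r;
}

/* Feed a `run`-byte newline-less line to the unsafe reader with 8 sentinel bytes after
 * the logical buffer; returns how many sentinels were clobbered (1 for 4095 into 4096). */
int unsafe_overrun(size_t cap, size_t run)
{
    char *src = malloc(run), *store = calloc(cap + 8, 1);
    size_t i, hi; int hit = 0;
    memset(src, 'a', run); memset(store + cap, 0x5a, 8);
    hi = read_line_unsafe(src, run, store, cap);
    for (i = cap; i < cap + 8; i++) if (store[i] != 0x5a) hit++;
    free(src); free(store);
    return hi >= cap ? hit : 0;
}

/* Same line through the hardened reader: -1 on rejection, else bytes read. */
int safe_status(size_t cap, size_t run)
{
    char *src = malloc(run), *buf = malloc(cap);
    memset(src, 'a', run);
    int r = read_line_safe(src, run, buf, cap);
    free(src); free(buf);
    return r;
}
```

With a 4096-byte buffer, `unsafe_overrun(4096, 4095)` reports one byte written past the buffer and `safe_status(4096, 4095)` returns -1, while a 4094-byte final line is handled by both; `trigger_on(4095, 0)` flags the trigger shape and a trailing newline clears it. For a crash check against an affected curl build, a file of the same shape can be passed with `--netrc-file` in a scratch environment; on a fixed build (7.86.0 or later) the line is handled without the out-of-bounds write.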

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (5 packages)

Source    | Package                      | Affected versions
NVD       | haxx/curl                    | >= 7.84.0, < 7.86.0
Debian    | curl                         | < 7.86.0-1 (+2 more)
CVEListV5 | https://github.com/curl/curl | Fixed in 7.86.0
NVD       | apple/macos                  | < 12.6.3
NVD       | splunk/universal_forwarder   | 8.2.0 to 8.2.12 (+2 more)

Patches

🔴 Vulnerability Details (4)

GHSA    | GHSA-pv52-98qj-pq55: curl can be told to parse a ` | 2022-12-06
OSV     | CVE-2022-35260: curl can be told to parse a `      | 2022-12-05
CVEList | CVE-2022-35260: curl can be told to parse a `      | 2022-12-05
OSV     | curl vulnerabilities                              | 2022-10-26

📋 Vendor Advisories (8)

Apple     | CVE-2023-23513: macOS Ventura 13.2   | 2023-01-23
Apple     | CVE-2023-23539: macOS Ventura 13.2   | 2023-01-23
Apple     | CVE-2022-35260: macOS Ventura 13.2   | 2023-01-23
Apple     | CVE-2022-35260: macOS Monterey 12.6.3 | 2023-01-23
Microsoft | curl can be told to parse a `.netrc` file for credentials. If that file ends in a line with 4095 consecutive non-white space letters and no newline curl would first read past the end of the stack-based | 2022-12-13

💬 Community (2)

HackerOne | CVE-2022-35260: .netrc parser out-of-bounds access | 2022-12-03
HackerOne | CVE-2022-35260: .netrc parser out-of-bounds access | 2022-10-27