curl can be told to parse a .netrc file for credentials. If that file ends
in a line of consecutive non-whitespace characters with no trailing newline,
curl could read past the end of the stack-based buffer and, if the read works,
write a zero byte possibly beyond its boundary.
In most cases this causes a segfault or similar, but circumstances might also cause different outcomes.
If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used to cause a denial of service.
{
"package": "curl",
"www": "https://curl.se/docs/CVE-2022-35260.html",
"last_affected": "7.85.0",
"severity": "Low",
"affects": "both",
"URL": "https://curl.se/docs/CVE-2022-35260.json",
"issue": "https://hackerone.com/reports/1721098",
"award": {
"amount": "480",
"currency": "USD"
},
"CWE": {
"id": "CWE-121",
"desc": "Stack-based Buffer Overflow"
}
}
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
]
},
"source": "https://github.com/curl/curl.git/commit/c97ec984fb2bc919a3aa863e0476dffa377b184c",
"id": "CURL-CVE-2022-35260-160145d4",
"signature_version": "v1",
"target": {
"file": "lib/netrc.c"
},
"signature_type": "Line",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
]
},
"source": "https://github.com/curl/curl.git/commit/c97ec984fb2bc919a3aa863e0476dffa377b184c",
"id": "CURL-CVE-2022-35260-42bd6a15",
"signature_version": "v1",
"target": {
"file": "lib/curl_get_line.c"
},
"signature_type": "Line",
"deprecated": false
}
]