CURL-CVE-2022-35260

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2022-35260.html

Import Source

https://curl.se/docs/CURL-CVE-2022-35260.json

JSON Data

https://api.test.osv.dev/v1/vulns/CURL-CVE-2022-35260

Aliases

CVE-2022-35260

Published

2022-10-26T08:00:00Z

Modified

2025-05-15T17:48:29Z

Summary

.netrc parser out-of-bounds access

Details

curl can be told to parse a .netrc file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, write a zero byte possibly beyond its boundary.

This does in most cases cause a segfault or similar, but circumstances might also cause different outcomes.

If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.

Database specific

{
    "CWE": {
        "id": "CWE-121",
        "desc": "Stack-based Buffer Overflow"
    },
    "issue": "https://hackerone.com/reports/1721098",
    "URL": "https://curl.se/docs/CVE-2022-35260.json",
    "last_affected": "7.85.0",
    "award": {
        "currency": "USD",
        "amount": "480"
    },
    "severity": "Low",
    "package": "curl",
    "www": "https://curl.se/docs/CVE-2022-35260.html",
    "affects": "both"
}

References

Credits

- Hiroki Kurosawa - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.84.0

Fixed

7.86.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

eeaae10c0fb27aa066fdc296074edeacfdeb6522

Fixed

c97ec984fb2bc919a3aa863e0476dffa377b184c

Affected versions

7.*

7.84.0

7.85.0

Database specific

{
    "vanir_signatures": [
        {
            "id": "CURL-CVE-2022-35260-160145d4",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "180427015040107051142020780991285257601",
                    "12266610536744085025426950927789246656",
                    "239996747545646643857373774366118206214",
                    "155731445442491039909521538273623993567",
                    "13387141666045107090636801487925201828",
                    "236656013171553531523123233181236102705",
                    "291370677559807464361649642919627712906",
                    "189498903837610303202040316232963631453",
                    "336093627987848099735496758689677859858",
                    "281586029754934110310274338936161049042",
                    "49602197324668631132655678939136460433",
                    "147192411820326919159921496268724779251"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "lib/netrc.c"
            },
            "source": "https://github.com/curl/curl.git/commit/c97ec984fb2bc919a3aa863e0476dffa377b184c",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CURL-CVE-2022-35260-42bd6a15",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "270365102834818624247507427346324617966",
                    "215529985526274021885683770136614352972",
                    "56969867792278034327518773244213351659",
                    "40181591141037536283781885935929912616",
                    "106575340799568553470923334291638780737",
                    "293921489964482779306311867020551921762"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "lib/curl_get_line.c"
            },
            "source": "https://github.com/curl/curl.git/commit/c97ec984fb2bc919a3aa863e0476dffa377b184c",
            "signature_version": "v1",
            "deprecated": false
        }
    ]
}