Vulnerability Description
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Haxx | Curl | >= 7.84.0, < 7.86.0 |
| Netapp | Clustered Data Ontap | - |
| Netapp | H300S Firmware | - |
| Netapp | H300S | - |
| Netapp | H500S Firmware | - |
| Netapp | H500S | - |
| Netapp | H700S Firmware | - |
| Netapp | H700S | - |
| Netapp | H410S Firmware | - |
| Netapp | H410S | - |
| Apple | Macos | < 12.6.3 |
| Splunk | Universal Forwarder | >= 8.2.0, < 8.2.12 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2023/Jan/19Mailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2023/Jan/20Mailing ListThird Party Advisory
- https://hackerone.com/reports/1721098ExploitPatchThird Party Advisory
- https://security.gentoo.org/glsa/202212-01Third Party Advisory
- https://security.netapp.com/advisory/ntap-20230110-0006/Third Party Advisory
- https://support.apple.com/kb/HT213604Third Party Advisory
- https://support.apple.com/kb/HT213605Third Party Advisory
- http://seclists.org/fulldisclosure/2023/Jan/19Mailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2023/Jan/20Mailing ListThird Party Advisory
- https://hackerone.com/reports/1721098ExploitPatchThird Party Advisory
- https://security.gentoo.org/glsa/202212-01Third Party Advisory
- https://security.netapp.com/advisory/ntap-20230110-0006/Third Party Advisory
- https://support.apple.com/kb/HT213604Third Party Advisory
- https://support.apple.com/kb/HT213605Third Party Advisory
FAQ
What is CVE-2022-35260?
CVE-2022-35260 is a vulnerability with a CVSS score of 6.5 (MEDIUM). curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based...
How severe is CVE-2022-35260?
CVE-2022-35260 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-35260?
Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl, Netapp Clustered Data Ontap, Netapp H300S Firmware, Netapp H300S, Netapp H500S Firmware.