Denial-of-service vulnerability in curl when parsing a ".netrc" file, caused by incorrect stack buffer handling
Description
curl can process a .netrc file to obtain credentials. If that file ends in a line of 4095 consecutive non-whitespace characters and contains no newline character, curl first reads past the end of the stack-based buffer and then writes a zero byte beyond its boundary. In most cases this causes a crash or similar behavior, but under some conditions other outcomes are possible. An attacker who supplies a custom .netrc file to an application, or who is able to modify its contents, can use this vulnerability to carry out a DoS attack.
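A defensive check for the condition described above, as an added example that is not curl's code: it flags a .netrc file whose final line has no terminating newline and contains a run of non-whitespace bytes at or above the 4095 figure from the description. The function names and the choice to treat longer runs as risky too are assumptions of this example.

```python
import re
import sys

# Threshold taken from the description: 4095 consecutive non-whitespace characters.
RUN_LIMIT = 4095


def last_line_is_risky(data: bytes, limit: int = RUN_LIMIT) -> bool:
    """Return True if data ends in an unterminated line holding a long token.

    Assumption of this example: runs longer than `limit` are flagged as well,
    so the check errs on the side of reporting.
    """
    if not data or data.endswith(b"\n"):
        return False  # empty file, or the final line is newline-terminated
    last_line = data.rsplit(b"\n", 1)[-1]
    # Longest run of consecutive non-whitespace bytes on the final line.
    longest = max((len(tok) for tok in re.findall(rb"\S+", last_line)), default=0)
    return longest >= limit


def check_file(path: str) -> bool:
    """Read a .netrc-style file in binary mode and apply the check."""
    with open(path, "rb") as fh:
        return last_line_is_risky(fh.read())


# Constructed sample inputs (not taken from any real .netrc file).
NORMAL = b"machine example.com login alice password s3cret\n"
SAMPLES = {
    "normal": NORMAL,
    "no_newline_short": NORMAL + b"machine other.example login bob",
    "long_but_terminated": NORMAL + b"x" * RUN_LIMIT + b"\n",
    "long_unterminated": NORMAL + b"x" * RUN_LIMIT,
}


def scan_samples() -> dict:
    """Apply the check to every constructed sample and return the verdicts."""
    return {name: last_line_is_risky(blob) for name, blob in SAMPLES.items()}


if __name__ == "__main__":
    # Usage: python check_netrc.py ~/.netrc [more files...]
    for path in sys.argv[1:]:
        print(path, "RISKY" if check_file(path) else "ok")
```

Run it over any .netrc file that an application accepts from users or other untrusted sources before that file reaches an affected curl build.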
Vulnerability type
DoS attack
CVSS3
6.5 Medium