Количество 9
Количество 9
BDU:2022-07404
Уязвимость утилиты командной строки cURL, связанная с ошибкой границ при разборе файла .netrc, позволяющая нарушителю вызвать отказ в обслуживании
CVE-2022-35260
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.
CVE-2022-35260
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.
CVE-2022-35260
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.
CVE-2022-35260
CVE-2022-35260
curl can be told to parse a `.netrc` file for credentials. If that fil ...
ROS-20221222-02
Уязвимость cURL
GHSA-pv52-98qj-pq55
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.
ROS-20221222-22
Множественные уязвимости libcURL
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2022-07404 Уязвимость утилиты командной строки cURL, связанная с ошибкой границ при разборе файла .netrc, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
 | CVE-2022-35260 curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
 | CVE-2022-35260 curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. | CVSS3: 5.3 | 0% Низкий | около 3 лет назад |
 | CVE-2022-35260 curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
 | CVSS3: 6.5 | 0% Низкий | больше 1 года назад | |
| CVE-2022-35260 curl can be told to parse a `.netrc` file for credentials. If that fil ... | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
 | ROS-20221222-02 Уязвимость cURL | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
| GHSA-pv52-98qj-pq55 curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
| ROS-20221222-22 Множественные уязвимости libcURL | CVSS3: 9.8 | почти 3 года назад |
Уязвимостей на страницу