CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
54.3%
curl can be told to parse a .netrc
file for credentials. If that file ends
in a line with consecutive non-white space letters and no newline, curl could
read past the end of the stack-based buffer, and if the read works, write a
zero byte possibly beyond its boundary.
This does in most cases cause a segfault or similar, but circumstances might
also cause different outcomes.
If a malicious user can provide a custom netrc file to an application or
otherwise affect its contents, this flaw could be used as denial-of-service.
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
54.3%