5 matches found
Internet Bug Bounty: CVE-2022-35260: .netrc parser out-of-bounds access
Original Report:https://hackerone.com/reports/1721098 Impact If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service...
[slackware-security] curl
New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-7.86.0-i586-1slack15.0.txz: Upgraded. This update fixes security issues: HSTS bypass via IDN. HTTP proxy...
Slackware: Security Advisory (SSA:2022-299-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CURL-CVE-2022-35260 .netrc parser out-of-bounds access
curl can be told to parse a .netrc file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, write a zero byte possibly beyond its boundary. This does in most cases caus...
curl -- multiple vulnerabilities
Daniel Stenberg reports: CVE-2022-32221: POST following PUT confusion When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT...