CVSS: 8.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-42915 – curl: HTTP proxy double-free
https://notcve.org/view.php?id=CVE-2022-42915
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. curl antes de la versión 7.86.0 tiene un double free. • http://seclists.org/fulldisclosure/2023/Jan/19 http://seclists.org/fulldisclosure/2023/Jan/20 https://curl.se/docs/CVE-2022-42915.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK https://security.gentoo. • CWE-415: Double Free •
CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 1CVE-2022-35260
https://notcve.org/view.php?id=CVE-2022-35260
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. Se puede indicar a curl que analice un archivo `.netrc` en busca de credenciales. Si ese archivo termina en una línea con 4095 letras de espacios consecutivos que no sean espacios en blanco y sin nueva línea, curl primero leerá más allá del final del búfer basado en pila y, si la lectura funciona, escribirá un byte cero más allá de su límite. En la mayoría de los casos, esto causará una falla de segmento o similar, pero las circunstancias también pueden causar resultados diferentes. • http://seclists.org/fulldisclosure/2023/Jan/19 http://seclists.org/fulldisclosure/2023/Jan/20 https://hackerone.com/reports/1721098 https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20230110-0006 https://support.apple.com/kb/HT213604 https://support.apple.com/kb/HT213605 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 3.7EPSS: 0%CPEs: 21EXPL: 1CVE-2022-35252 – curl: Incorrect handling of control code characters in cookies
https://notcve.org/view.php?id=CVE-2022-35252
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. Cuando curl es usado para recuperar y analizar las cookies de un servidor HTTP(S), acepta las cookies usando códigos de control que cuando son enviados de vuelta a un servidor HTTP podrían hacer que el servidor devolviera respuestas 400. En efecto, permite que un "sitio hermano" deniegue el servicio a todos los hermanos. A vulnerability found in curl. • http://seclists.org/fulldisclosure/2023/Jan/20 http://seclists.org/fulldisclosure/2023/Jan/21 https://hackerone.com/reports/1613943 https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220930-0005 https://support.apple.com/kb/HT213603 https://support.apple.com/kb/HT213604 https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=212071 • CWE-20: Improper Input Validation CWE-1286: Improper Validation of Syntactic Correctness of Input •