CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 1CVE-2022-35260
https://notcve.org/view.php?id=CVE-2022-35260
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. Se puede indicar a curl que analice un archivo `.netrc` en busca de credenciales. Si ese archivo termina en una línea con 4095 letras de espacios consecutivos que no sean espacios en blanco y sin nueva línea, curl primero leerá más allá del final del búfer basado en pila y, si la lectura funciona, escribirá un byte cero más allá de su límite. En la mayoría de los casos, esto causará una falla de segmento o similar, pero las circunstancias también pueden causar resultados diferentes. • http://seclists.org/fulldisclosure/2023/Jan/19 http://seclists.org/fulldisclosure/2023/Jan/20 https://hackerone.com/reports/1721098 https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20230110-0006 https://support.apple.com/kb/HT213604 https://support.apple.com/kb/HT213605 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-42915 – curl: HTTP proxy double-free
https://notcve.org/view.php?id=CVE-2022-42915
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. curl antes de la versión 7.86.0 tiene un double free. • http://seclists.org/fulldisclosure/2023/Jan/19 http://seclists.org/fulldisclosure/2023/Jan/20 https://curl.se/docs/CVE-2022-42915.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK https://security.gentoo. • CWE-415: Double Free •
CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 0CVE-2022-32831
https://notcve.org/view.php?id=CVE-2022-32831
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. Se abordó una lectura fuera de límites con una comprobación de límites mejorada. Este problema ha sido corregido en Security Update 2022-005 Catalina, macOS Big Sur versión 11.6.8 y macOS Monterey versión 12.5. • https://support.apple.com/en-us/HT213343 https://support.apple.com/en-us/HT213344 https://support.apple.com/en-us/HT213345 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32841
https://notcve.org/view.php?id=CVE-2022-32841
The issue was addressed with improved memory handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted image may result in disclosure of process memory. Se abordó un problema con un manejo de la memoria mejorado. Este problema ha sido corregido en watchOS versión 8.7, tvOS versión 15.6, iOS versión 15.6 y iPadOS versión 15.6, macOS Monterey versión 12.5. • https://support.apple.com/en-us/HT213340 https://support.apple.com/en-us/HT213342 https://support.apple.com/en-us/HT213345 https://support.apple.com/en-us/HT213346 •
CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 0CVE-2022-32851
https://notcve.org/view.php?id=CVE-2022-32851
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. Se abordó un problema de lectura fuera de límites con una comprobación de entrada mejorada. Este problema ha sido corregido en Security Update 2022-005 Catalina, macOS Big Sur versión 11.6.8 y macOS Monterey versión 12.5. • https://support.apple.com/en-us/HT213343 https://support.apple.com/en-us/HT213344 https://support.apple.com/en-us/HT213345 • CWE-125: Out-of-bounds Read •