{"vulnerability": "CVE-2022-35260", "sightings": [{"uuid": "830c4fbc-9fc7-43f1-9c7d-437f955e468e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35260", "type": "seen", "source": "https://t.me/cibsecurity/54030", "content": "\u203c CVE-2022-35260 \u203c\n\ncurl can be told to parse a `.netrc` file for credentials. If that file ends in a line with 4095 consecutive non-white space letters and no newline, curl would first read past the end of the stack-based buffer, and if the read works, write a zero byte beyond its boundary. This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes. If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T00:40:19.000000Z"}, {"uuid": "1b3bac99-7c03-434a-94dc-f1c01e228707", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35260", "type": "seen", "source": "https://t.me/ctinow/71718", "content": "curl: CVE-2022-35260: .netrc parser out-of-bounds access\n\nhttps://ift.tt/jF3cMHh", "creation_timestamp": "2022-10-27T18:41:18.000000Z"}]}