Oval Definition:oval:org.opensuse.security:def:202235260
Revision Date:2023-06-22Version:1
Title:CVE-2022-35260
Description:

curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2022-35260
SUSE CVE-2022-35260
Platform(s):SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Micro 5.3 is installed
  • AND Package Information
  • curl is not affected
  • OR libcurl4 is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND Package Information
  • curl-8.0.1-150400.5.23.1 is installed
  • OR libcurl-devel-8.0.1-150400.5.23.1 is installed
  • OR libcurl4-8.0.1-150400.5.23.1 is installed
  • OR libcurl4-32bit-8.0.1-150400.5.23.1 is installed
    • BACK