libcurl.so is vulnerable to denial of service. The vulnerability is a stack-based buffer overflow that occurs when curl is instructed to parse a .netrc
file for credentials, which allows an attacker to crash the application via malicious input.
seclists.org/fulldisclosure/2023/Jan/19
seclists.org/fulldisclosure/2023/Jan/20
access.redhat.com/security/cve/cve-2022-35260
github.com/curl/curl/commit/c97ec984fb2bc919a3aa863e0476dffa377b184c
hackerone.com/reports/1721098
secdb.alpinelinux.org/edge/main.yaml
security-tracker.debian.org/tracker/CVE-2022-35260
security.gentoo.org/glsa/202212-01
security.netapp.com/advisory/ntap-20230110-0006/
support.apple.com/kb/HT213604
support.apple.com/kb/HT213605