Cyber Resilience

CVE-2022-35260

MediumPublic PoC

Published: 05 December 2022

Published
05 December 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score 0.0029 52.2th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-35260 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Splunk Universal Forwarder. Its CVSS base score is 6.5 (Medium).

Operationally, ranked in the top 47.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks,…

more

write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

haxx
curl
7.84.0 — 7.86.0
netapp
clustered data ontap
all versions
netapp
h300s firmware
all versions
netapp
h500s firmware
all versions
netapp
h700s firmware
all versions
netapp
h410s firmware
all versions
apple
macos
≤ 12.6.3
splunk
universal forwarder
9.1.0 · 8.2.0 — 8.2.12 · 9.0.0 — 9.0.6

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References