CVE-2005-0490

HIGH

Haxx Curl - Buffer Overflow

Title source: rule

Description

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.

References (12)

[Mailing List, Patch] http://marc.info/?l=full-disclosure&m=110959085507755&w=2

[Broken Link, Patch, Vendor Advisory] http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000940

[Broken Link, Vendor Advisory] http://www.idefense.com/application/poi/display?id=202&type=vulnerabilities

[Broken Link] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10273

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/12616

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/12615

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/19423

[Broken Link, Vendor Advisory] http://www.idefense.com/application/poi/display?id=203&type=vulnerabilities

[Third Party Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2005:048

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-200503-20.xml

[Broken Link] http://www.redhat.com/support/errata/RHSA-2005-340.html

[Broken Link] http://www.novell.com/linux/security/advisories/2005_11_curl.html

Scores

CVSS v3 8.8

EPSS 0.0258

EPSS Percentile 85.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-131

Status published

Products (2)

haxx/curl 7.12.1

haxx/libcurl 7.12.1

Published May 02, 2005

Tracked Since Feb 18, 2026