CVE-2013-0249

curl and libcurl 7.26.0-7.28.1 - Stack-Based Buffer Overflow via SASL DIGEST-MD5 Realm Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-0249. PoCs published by Volema.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow in libcurl's POP3/SMTP SASL DIGEST-MD5 authentication handling (CVE-2013-0249). The PoC sets up a malicious POP3 server that sends an oversized 'realm' parameter, triggering a stack-based overflow in Curl_sasl_create_digest_md5_message().

Description

Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message.

Exploits (1)

exploitdb WORKING POC
by Volema · pythondoslinux
https://www.exploit-db.com/exploits/24487

This exploit demonstrates a buffer overflow in libcurl's POP3/SMTP SASL DIGEST-MD5 authentication handling (CVE-2013-0249). The PoC sets up a malicious POP3 server that sends an oversized 'realm' parameter, triggering a stack-based overflow in Curl_sasl_create_digest_md5_message().

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: libcurl (versions before fix, specifically tested on 7.28.1)
No auth needed
Prerequisites: Network access to target · Target must follow redirects to POP3 · Target must use vulnerable libcurl version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/57842
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/24487
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1721-1
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099140.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1028093
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/89988
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/120147/cURL-Buffer-Overflow.html
Various Sources x_refsource_misc
http://blog.volema.com/curl-rce.html
Vendor Advisory x_refsource_confirm
http://curl.haxx.se/docs/adv_20130206.html

Scores

EPSS 0.2291
EPSS Percentile 97.5%

Details

CWE
CWE-119
Status published
Products (9)
canonical/ubuntu_linux 12.10
haxx/curl 7.26.0
haxx/curl 7.27.0
haxx/curl 7.28.0
haxx/curl 7.28.1
haxx/libcurl 7.26.0
haxx/libcurl 7.27.0
haxx/libcurl 7.28.0
haxx/libcurl 7.28.1
Published Mar 08, 2013
Tracked Since Feb 18, 2026