Vulnerability Details : CVE-2005-0490
Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.
Vulnerability category: Execute code
Products affected by CVE-2005-0490
- cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-0490
5.39%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-0490
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | 2024-02-02 |
CWE ids for CVE-2005-0490
-
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.Assigned by: nvd@nist.gov (Primary)
References for CVE-2005-0490
-
http://www.redhat.com/support/errata/RHSA-2005-340.html
SupportBroken Link
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/19423
cURL Kerberos authentication buffer overflow CVE-2005-0490 Vulnerability ReportThird Party Advisory;VDB Entry
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10273
404 Not FoundBroken Link
-
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000940
CONECTIVA | Análises dos Melhores Produtos Online (#10 Melhores)Broken Link;Patch;Vendor Advisory
-
http://marc.info/?l=full-disclosure&m=110959085507755&w=2
'[Full-Disclosure] [USN-86-1] cURL vulnerability' - MARCMailing List;Patch
-
http://www.securityfocus.com/bid/12616
Broken Link;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/12615
Broken Link;Third Party Advisory;VDB Entry
-
http://www.mandriva.com/security/advisories?name=MDKSA-2005:048
Advisories - Mandriva LinuxThird Party Advisory
-
http://www.novell.com/linux/security/advisories/2005_11_curl.html
404 Page Not Found | SUSEBroken Link
-
http://www.idefense.com/application/poi/display?id=202&type=vulnerabilities
Broken Link;Vendor Advisory
-
http://www.gentoo.org/security/en/glsa/glsa-200503-20.xml
curl: NTLM response buffer overflow (GLSA 200503-20) — Gentoo securityThird Party Advisory
-
http://www.idefense.com/application/poi/display?id=203&type=vulnerabilities
Broken Link;Vendor Advisory
Jump to