8.8

CVE-2005-0490

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HaxxCurl Version7.12.1
HaxxLibcurl Version7.12.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.73% 0.921
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000940
Patch
Vendor Advisory
Broken Link
http://marc.info/?l=full-disclosure&m=110959085507755&w=2
Patch
Mailing List
http://www.gentoo.org/security/en/glsa/glsa-200503-20.xml
Third Party Advisory
http://www.idefense.com/application/poi/display?id=202&type=vulnerabilities
Vendor Advisory
Broken Link
http://www.idefense.com/application/poi/display?id=203&type=vulnerabilities
Vendor Advisory
Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2005:048
Third Party Advisory
http://www.novell.com/linux/security/advisories/2005_11_curl.html
Broken Link
http://www.redhat.com/support/errata/RHSA-2005-340.html
Broken Link
http://www.securityfocus.com/bid/12615
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/12616
Third Party Advisory
Broken Link
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/19423
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10273
Broken Link