8.8

CVE-2005-0490

EPSS 2.58%
Veröffentlicht 02.05.2005 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Haxx ≫ Curl Version7.12.1

Haxx ≫ Libcurl Version7.12.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.58%	0.85

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000940

Patch

Vendor Advisory

Broken Link

http://marc.info/?l=full-disclosure&m=110959085507755&w=2

Patch

Mailing List

http://www.gentoo.org/security/en/glsa/glsa-200503-20.xml

Third Party Advisory

http://www.idefense.com/application/poi/display?id=202&type=vulnerabilities

Vendor Advisory

Broken Link

http://www.idefense.com/application/poi/display?id=203&type=vulnerabilities

Vendor Advisory

Broken Link

http://www.mandriva.com/security/advisories?name=MDKSA-2005:048

Third Party Advisory

http://www.novell.com/linux/security/advisories/2005_11_curl.html

Broken Link

http://www.redhat.com/support/errata/RHSA-2005-340.html

Broken Link

http://www.securityfocus.com/bid/12615

Third Party Advisory

Broken Link

VDB Entry

http://www.securityfocus.com/bid/12616

Third Party Advisory

Broken Link

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/19423

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10273

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2005-0490

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-0490

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-0490

EUVD