
CVE-2005-4077

Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.
Data provided by the National Vulnerability Database (NVD)
Daniel Stenberg Curl Version 7.11.2
Daniel Stenberg Curl Version 7.12
Daniel Stenberg Curl Version 7.12.1
Daniel Stenberg Curl Version 7.12.2
Daniel Stenberg Curl Version 7.12.3
Daniel Stenberg Curl Version 7.13
Daniel Stenberg Curl Version 7.13.1
Daniel Stenberg Curl Version 7.13.2
Daniel Stenberg Curl Version 7.14
Daniel Stenberg Curl Version 7.14.1
Daniel Stenberg Curl Version 7.15
No warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.52% 0.397
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4 AV:L/AC:L/Au:N/C:P/I:P/A:P
No CWE information has been published yet.
http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
http://secunia.com/advisories/20077 (Vendor Advisory)
http://www.securityfocus.com/bid/17951
http://www.us-cert.gov/cas/techalerts/TA06-132A.html (US Government Resource)
http://www.vupen.com/english/advisories/2006/1779 (Vendor Advisory)
http://secunia.com/advisories/17965 (Vendor Advisory)
http://www.debian.org/security/2005/dsa-919
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html
http://secunia.com/advisories/18336 (Vendor Advisory)
http://www.trustix.org/errata/2005/0072/
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16/SCOSA-2006.16.txt
http://curl.haxx.se/docs/adv_20051207.html (Patch, Vendor Advisory)
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://qa.openoffice.org/issues/show_bug.cgi?id=59032
http://secunia.com/advisories/17907 (Patch, Vendor Advisory)
http://secunia.com/advisories/17960 (Vendor Advisory)
http://secunia.com/advisories/17961 (Vendor Advisory)
http://secunia.com/advisories/17977 (Vendor Advisory)
http://secunia.com/advisories/18105 (Vendor Advisory)
http://secunia.com/advisories/18188 (Vendor Advisory)
http://secunia.com/advisories/19261 (Vendor Advisory)
http://secunia.com/advisories/19433 (Vendor Advisory)
http://secunia.com/advisories/19457 (Vendor Advisory)
http://www.gentoo.org/security/en/glsa/glsa-200512-09.xml
http://www.gentoo.org/security/en/glsa/glsa-200603-25.xml
http://www.hardened-php.net/advisory_242005.109.html (Patch, Vendor Advisory)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:224
http://www.redhat.com/support/errata/RHSA-2005-875.html
http://www.securityfocus.com/archive/1/418849/100/0/threaded
http://www.securityfocus.com/bid/15756 (Patch)
http://www.vupen.com/english/advisories/2005/2791 (Vendor Advisory)
http://www.vupen.com/english/advisories/2006/0960 (Vendor Advisory)
http://www.vupen.com/english/advisories/2008/0924/references (Vendor Advisory)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10855
https://usn.ubuntu.com/228-1/