Lucene search

[email protected]CVE-2005-0490

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0490

2005-05-0204:00:00

CWE-131

[email protected]

web.nvd.nist.gov

cve-2005-0490

buffer overflow

libcurl

curl

remote code execution

base64

ntlm

kerberos

authentication

security vulnerability

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.5%

JSON

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.

Affected configurations

NVD

Node

haxxcurlMatch7.12.1

haxxlibcurlMatch7.12.1

CPENameOperatorVersion
haxx:curlhaxx curleq7.12.1
haxx:libcurlhaxx libcurleq7.12.1

CPE	Name	Operator	Version
haxx:curl	haxx curl	eq	7.12.1
haxx:libcurl	haxx libcurl	eq	7.12.1

References

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000940

marc.info/?l=full-disclosure&m=110959085507755&w=2

www.gentoo.org/security/en/glsa/glsa-200503-20.xml

www.idefense.com/application/poi/display?id=202&type=vulnerabilities

www.idefense.com/application/poi/display?id=203&type=vulnerabilities

www.mandriva.com/security/advisories?name=MDKSA-2005:048

www.novell.com/linux/security/advisories/2005_11_curl.html

www.redhat.com/support/errata/RHSA-2005-340.html

www.securityfocus.com/bid/12615

www.securityfocus.com/bid/12616

exchange.xforce.ibmcloud.com/vulnerabilities/19423

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10273

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.5%

JSON

Related for CVE-2005-0490

freebsd1 nessus8 gentoo1 ubuntucve1 suse1 openvas7 redhat1 f52 cvelist1 ubuntu1 nvd2 debiancve1 centos2 cve1