CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.023 Low (Percentile: 89.7%)

Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | curl | < 7.15.0-1 | curl_7.15.0-1_all.deb |
Debian | 11 | all | curl | < 7.15.0-1 | curl_7.15.0-1_all.deb |
Debian | 999 | all | curl | < 7.15.0-1 | curl_7.15.0-1_all.deb |
Debian | 13 | all | curl | < 7.15.0-1 | curl_7.15.0-1_all.deb |
Debian | 12 | all | wget | < 1.10.2-1 | wget_1.10.2-1_all.deb |
Debian | 11 | all | wget | < 1.10.2-1 | wget_1.10.2-1_all.deb |
Debian | 999 | all | wget | < 1.10.2-1 | wget_1.10.2-1_all.deb |
Debian | 13 | all | wget | < 1.10.2-1 | wget_1.10.2-1_all.deb |