Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2005-0490
CVE information
Published
Last Modified
CVSSv2.0 Severity
CVSSv3.1 Severity
Impact Analysis
Description
Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 5.1/10
- Exploit Score
- 4.9/10
- Access Vector
- Network
- Access Complexity
- High
- Authentication Required
- None
- Impact Score
- 6.4/10
- Confidentiality Impact
- Partial
- Availability Impact
- Partial
- Integrity Impact
- Partial
CVSSv3.1 Score
- Severity
- High
- Base Score
- 8.8/10
- Exploit Score
- 2.8/10
- Access Vector
- Network
- Access Complexity
- Low
- Privileges Required
- Low
- Impact Score
- 5.9/10
- Confidentiality Impact
- High
- Availability Impact
- High
- Integrity Impact
- High
- Scope
- Unchanged
- User Interaction
- None
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- http://www.idefense.com/application/poi/display?id=202&type=vulnerabilities
- http://www.idefense.com/application/poi/display?id=203&type=vulnerabilities
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000940
- http://www.gentoo.org/security/en/glsa/glsa-200503-20.xml
- http://www.redhat.com/support/errata/RHSA-2005-340.html
- http://www.novell.com/linux/security/advisories/2005_11_curl.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:048
- http://www.securityfocus.com/bid/12615
- http://www.securityfocus.com/bid/12616
- http://marc.info/?l=full-disclosure&m=110959085507755&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19423
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1