CVE-2005-0490

Description

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.

How to fix CVE-2005-0490

To remediate CVE-2005-0490, upgrade the affected package to a fixed version below.

—upgrade to 7.13.0-2 or later

Is CVE-2005-0490 being exploited?

Low — EPSS is 2.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 7.13.0-2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2005-0490