CVE-2005-3185
curl - buffer overflow
EPSS 4.9%
Description
Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.
How to fix CVE-2005-3185
To remediate CVE-2005-3185, upgrade the affected package to a fixed version below.
- Debian/curl—upgrade to 7.15.0-1 or later
- Debian/curl—upgrade to 7.9.5-1woody2 or later
- Debian/wget—upgrade to 1.10.2-1 or later
Is CVE-2005-3185 being exploited?
Low — EPSS is 4.9%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 7.15.0-1
- from 0, < 7.9.5-1woody2
- from 0, < 1.10.2-1