CURL-CVE-2005-0490

Source
https://curl.se/docs/CVE-2005-0490.html
Import Source
https://curl.se/docs/CURL-CVE-2005-0490.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2005-0490
Aliases
Published
2005-02-21T08:00:00Z
Modified
2026-04-25T16:17:55.546581Z
Summary
Authentication Buffer Overflows
Details

The base64 decode function was used to write into a stack-based buffer without checking the data length. As a result, a malicious HTTP server could overflow the client's buffer during NTLM negotiation, and an FTP server could do the same during krb4 negotiation. The flaw was announced without contacting us.

Database specific
{
    "www": "https://curl.se/docs/CVE-2005-0490.html",
    "package": "curl",
    "severity": "High",
    "CWE": {
        "id": "CWE-121",
        "desc": "Stack-based Buffer Overflow"
    },
    "URL": "https://curl.se/docs/CVE-2005-0490.json",
    "last_affected": "7.13.0",
    "affects": "both"
}
References
Credits
    • unknown - FINDER

Affected packages

Git /

Affected ranges

Type
SEMVER
Events
Introduced
7.3
Fixed
7.13.1

Affected versions

7.*
7.10
7.10.1
7.10.2
7.10.3
7.10.4
7.10.5
7.10.6
7.10.7
7.10.8
7.11.0
7.11.1
7.11.2
7.12.0
7.12.1
7.12.2
7.12.3
7.13.0
7.3
7.4
7.4.1
7.4.2
7.5
7.5.1
7.5.2
7.6
7.6.1
7.7
7.7.1
7.7.2
7.7.3
7.8
7.8.1
7.9
7.9.1
7.9.2
7.9.3
7.9.4
7.9.5
7.9.6
7.9.7
7.9.8

Database specific

source
"https://curl.se/docs/CURL-CVE-2005-0490.json"