CURL-CVE-2005-3185

See a problem?
Please try reporting it to the source first.
Source
https://curl.se/docs/CVE-2005-3185.html
Import Source
https://curl.se/docs/CURL-CVE-2005-3185.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2005-3185
Aliases
Published
2005-10-13T08:00:00Z
Modified
2024-06-07T13:53:51Z
Summary
NTLM Buffer Overflow
Details

libcurl's NTLM function can overflow a stack-based buffer if given a too long username or domain name. This would happen if you enable NTLM authentication and either:

A - pass in a username and domain name to libcurl that together are longer than 192 bytes

B - allow (lib)curl to follow HTTP "redirects" (Location: and the appropriate HTTP 30x response code) and the new URL contains a URL with a username and domain name that together are longer than 192 bytes

Database specific 
{
    "CWE": {
        "id": "CWE-121",
        "desc": "Stack-based Buffer Overflow"
    },
    "URL": "https://curl.se/docs/CVE-2005-3185.json",
    "package": "curl",
    "www": "https://curl.se/docs/CVE-2005-3185.html",
    "last_affected": "7.14.1",
    "affects": "both",
    "severity": "High"
}
References
Credits
    • iDEFENSE - FINDER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.10.6
Fixed
7.15.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events
Introduced
bdb5e5a25037a585e0ec6b83d29b25961c6823f8
Fixed
943aea62679fb9f2d6d7abe59b5edcba21490c52

Affected versions

7.*

7.10.6
7.10.7
7.10.8
7.11.0
7.11.1
7.11.2
7.12.0
7.12.1
7.12.2
7.12.3
7.13.0
7.13.1
7.13.2
7.14.0
7.14.1

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "171114046798777151270719067410152303371",
                "290753497773825416687583203876565458288",
                "75455037029382482363366612127796244813"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CURL-CVE-2005-3185-90a25c7b",
        "target": {
            "file": "lib/http_ntlm.c"
        },
        "signature_type": "Line",
        "source": "https://github.com/curl/curl.git/commit/943aea62679fb9f2d6d7abe59b5edcba21490c52"
    },
    {
        "digest": {
            "function_hash": "238977671527874511677942108580874230893",
            "length": 6942.0
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CURL-CVE-2005-3185-ea12ec00",
        "target": {
            "file": "lib/http_ntlm.c",
            "function": "Curl_output_ntlm"
        },
        "signature_type": "Function",
        "source": "https://github.com/curl/curl.git/commit/943aea62679fb9f2d6d7abe59b5edcba21490c52"
    }
]