CURL-CVE-2005-3185

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2005-3185.html

Import Source

https://curl.se/docs/CURL-CVE-2005-3185.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2005-3185

Aliases

CVE-2005-3185

Published

2005-10-13T08:00:00Z

Modified

2024-06-07T13:53:51Z

Summary

NTLM Buffer Overflow

Details

libcurl's NTLM function can overflow a stack-based buffer if given a too long username or domain name. This would happen if you enable NTLM authentication and either:

A - pass in a username and domain name to libcurl that together are longer than 192 bytes

B - allow (lib)curl to follow HTTP "redirects" (Location: and the appropriate HTTP 30x response code) and the new URL contains a URL with a username and domain name that together are longer than 192 bytes

Database specific

{
    "last_affected": "7.14.1",
    "CWE": {
        "desc": "Stack-based Buffer Overflow",
        "id": "CWE-121"
    },
    "affects": "both",
    "severity": "High",
    "package": "curl",
    "www": "https://curl.se/docs/CVE-2005-3185.html",
    "URL": "https://curl.se/docs/CVE-2005-3185.json"
}

References

Credits

- iDEFENSE - FINDER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.10.6

Fixed

7.15.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

bdb5e5a25037a585e0ec6b83d29b25961c6823f8

Fixed

943aea62679fb9f2d6d7abe59b5edcba21490c52

Affected versions

7.*

7.10.6

7.10.7

7.10.8

7.11.0

7.11.1

7.11.2

7.12.0

7.12.1

7.12.2

7.12.3

7.13.0

7.13.1

7.13.2

7.14.0

7.14.1

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "line_hashes": [
                    "171114046798777151270719067410152303371",
                    "290753497773825416687583203876565458288",
                    "75455037029382482363366612127796244813"
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/curl/curl.git/commit/943aea62679fb9f2d6d7abe59b5edcba21490c52",
            "signature_type": "Line",
            "target": {
                "file": "lib/http_ntlm.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CURL-CVE-2005-3185-90a25c7b"
        },
        {
            "digest": {
                "length": 6942.0,
                "function_hash": "238977671527874511677942108580874230893"
            },
            "source": "https://github.com/curl/curl.git/commit/943aea62679fb9f2d6d7abe59b5edcba21490c52",
            "signature_type": "Function",
            "target": {
                "function": "Curl_output_ntlm",
                "file": "lib/http_ntlm.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CURL-CVE-2005-3185-ea12ec00"
        }
    ]
}