CVE-2005-0490 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2005-0490 Interim 1 5 2024-02-04T02:51:33Z current 2021-05-30T12:32:05Z 2024-02-04T02:51:33Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2005-0490 Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZZAJO64UO33SDCLA5QLS4CMMJHOAXSBQ/#ZZAJO64UO33SDCLA5QLS4CMMJHOAXSBQ E-Mail link for SUSE-SA:2005:011 https://www.suse.com/support/security/rating/ SUSE Security Ratings Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. CVE-2005-0490 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H