High severity8.8NVD Advisory· Published May 2, 2005· Updated Apr 16, 2026
CVE-2005-0490
CVE-2005-0490
Description
Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- distro.conectiva.com.br/atualizacoes/nvdBroken LinkPatchVendor Advisory
- marc.infonvdMailing ListPatch
- www.gentoo.org/security/en/glsa/glsa-200503-20.xmlnvdThird Party Advisory
- www.idefense.com/application/poi/displaynvdBroken LinkVendor Advisory
- www.idefense.com/application/poi/displaynvdBroken LinkVendor Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.securityfocus.com/bid/12615nvdBroken LinkThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/12616nvdBroken LinkThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/19423nvdThird Party AdvisoryVDB Entry
- www.novell.com/linux/security/advisories/2005_11_curl.htmlnvdBroken Link
- www.redhat.com/support/errata/RHSA-2005-340.htmlnvdBroken Link
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10273nvdBroken Link
News mentions
0No linked articles in our index yet.