CVE-2013-0249

2013-03-0822:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2013-0249

buffer overflow

curl

libcurl

denial of service

remote code execution

nvd

cve

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.923 High

EPSS

Percentile

98.9%

JSON

Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message.

CPENameOperatorVersion
haxx:libcurlhaxx libcurleq7.26.0
haxx:curlhaxx curleq7.26.0
haxx:libcurlhaxx libcurleq7.28.0
haxx:curlhaxx curleq7.27.0
haxx:libcurlhaxx libcurleq7.27.0
haxx:curlhaxx curleq7.28.0
haxx:curlhaxx curleq7.28.1
haxx:libcurlhaxx libcurleq7.28.1
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.10

CPE	Name	Operator	Version
haxx:libcurl	haxx libcurl	eq	7.26.0
haxx:curl	haxx curl	eq	7.26.0
haxx:libcurl	haxx libcurl	eq	7.28.0
haxx:curl	haxx curl	eq	7.27.0
haxx:libcurl	haxx libcurl	eq	7.27.0
haxx:curl	haxx curl	eq	7.28.0
haxx:curl	haxx curl	eq	7.28.1
haxx:libcurl	haxx libcurl	eq	7.28.1
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.10