206 matches found
TFTP Packet Buffer Overflow
libcurl uses the given file part of a TFTP URL in a manner that allows a malicious user to overflow a heap-based memory buffer due to the lack of boundary check. This overflow happens if you pass in a URL with a TFTP protocol prefix "tftp://", using a valid host and a path part that is longer tha...
URL Buffer Overflow
libcurl's URL parser function can overflow a heap based buffer in two ways, if given a too long URL. These overflows happen if you 1 - pass in a URL with no protocol like "http://" prefix, using no slash and the string is 256 bytes or longer. This leads to a single zero byte overflow of the heap...
NTLM Buffer Overflow
libcurl's NTLM function can overflow a stack-based buffer if given a too long username or domain name. This would happen if you enable NTLM authentication and either: A - pass in a username and domain name to libcurl that together are longer than 192 bytes B - allow libcurl to follow HTTP...
Authentication Buffer Overflows
Due to bad usage of the base64 decode function to a stack-based buffer without checking the data length, it was possible for a malicious HTTP server to overflow the client during NTLM negotiation and for an FTP server to overflow the client during krb4 negotiation. The announcement of this flaw w...
Proxy Authentication Header Information Leakage
When curl connected to a site via an HTTP proxy with the CONNECT request, the user and password used for the proxy connection was also sent off to the remote server...
FTP Server Response Buffer Overflow
When storing an FTP server's error message on failure, there was no check for input length and thus a malicious FTP server could overflow curl's stack based buffer...