
206 matches found

curl security advisories
added 2006/03/20 8:0 a.m. | 5 views

TFTP Packet Buffer Overflow

libcurl uses the given file part of a TFTP URL in a manner that allows a malicious user to overflow a heap-based memory buffer due to the lack of a boundary check. This overflow happens if you pass in a URL with a TFTP protocol prefix "tftp://", using a valid host and a path part that is longer tha...

7.5 CVSS | 8.5 AI score | 0.0509 EPSS
Exploits: 0 | Affected Software: 2
curl security advisories
added 2005/12/07 8:0 a.m. | 6 views

URL Buffer Overflow

libcurl's URL parser function can overflow a heap-based buffer in two ways if given a too-long URL. These overflows happen if you: 1 - pass in a URL with no protocol prefix (like "http://"), using no slash, and the string is 256 bytes or longer. This leads to a single zero-byte overflow of the heap...

4.6 CVSS | 5.5 AI score | 0.00516 EPSS
Exploits: 0 | Affected Software: 2
curl security advisories
added 2005/10/13 8:0 a.m. | 6 views

NTLM Buffer Overflow

libcurl's NTLM function can overflow a stack-based buffer if given a too long username or domain name. This would happen if you enable NTLM authentication and either: A - pass in a username and domain name to libcurl that together are longer than 192 bytes B - allow libcurl to follow HTTP...

7.5 CVSS | 5.6 AI score | 0.05188 EPSS
Exploits: 0 | Affected Software: 2
curl security advisories
added 2005/02/21 8:0 a.m. | 10 views

Authentication Buffer Overflows

Due to bad usage of the base64 decode function to a stack-based buffer without checking the data length, it was possible for a malicious HTTP server to overflow the client during NTLM negotiation and for an FTP server to overflow the client during krb4 negotiation. The announcement of this flaw w...

8.8 CVSS | 5.5 AI score | 0.05732 EPSS
Exploits: 0 | Affected Software: 2
curl security advisories
added 2003/08/03 8:0 a.m. | 5 views

Proxy Authentication Header Information Leakage

When curl connected to a site via an HTTP proxy with the CONNECT request, the user and password used for the proxy connection were also sent off to the remote server...

7.5 CVSS | 7.2 AI score | 0.01915 EPSS
Exploits: 0 | Affected Software: 2
curl security advisories
added 2000/10/13 8:0 a.m. | 13 views

FTP Server Response Buffer Overflow

When storing an FTP server's error message on failure, there was no check for input length and thus a malicious FTP server could overflow curl's stack-based buffer...

10 CVSS | 5.3 AI score | 0.19247 EPSS
Exploits: 1 | Affected Software: 2
Total number of security vulnerabilities: 206