CVE-2005-0490

Publication date 2 May 2005

Last updated 17 July 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

8.8 · High

Score breakdown

Description

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.

Status

Package Ubuntu Release Status
curl 7.04 feisty
Fixed 7.15.5-1ubuntu2.1
6.10 edgy
Fixed 7.15.4-1ubuntu2.2
6.06 LTS dapper
Fixed 7.15.1-1ubuntu2.1

Severity score breakdown

CVSS version: CVSS v3.0

Base score 8.8 · High

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-86-1
    • cURL vulnerability
    • 28 February 2005

Other references

Access our resources on patching vulnerabilities