Search

Find a vulnerability

Search criteria

    7 vulnerabilities found for libcurl by libcurl

    VAR-200505-0198

    Vulnerability from variot - Updated: 2025-04-03 22:34

    Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. cURL/libcURL 7.13.0 Previously, Kerberos Authentication and NTLM from the site performing the authentication. It has been reported that cURL and libcURL are vulnerable to a remotely exploitable stack-based buffer overflow vulnerability. The cURL and libcURL NTML response processing code fails to ensure that a buffer overflow cannot occur when response data is decoded. The overflow occurs in the stack region, and remote code execution is possible if the saved instruction pointer is overwritten with a pointer to embedded instructions.

    Background

    curl is a command line tool for transferring files via many different protocols.

    Affected packages

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
    

    1 net-misc/curl < 7.13.1 >= 7.13.1

    Description

    curl fails to properly check boundaries when handling NTLM authentication.

    Impact

    With a malicious server an attacker could send a carefully crafted NTLM response to a connecting client leading to the execution of arbitrary code with the permissions of the user running curl.

    Workaround

    Disable NTLM authentication by not using the --anyauth or --ntlm options.

    Resolution

    All curl users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/curl-7.13.1"
    

    References

    [ 1 ] CAN-2005-0490 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200503-20.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

    License

    Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.0

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200505-0198",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "libcurl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.12.1"
          },
          {
            "model": "curl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.12.1"
          },
          {
            "model": "red hat enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
            "version": "3 (ws)"
          },
          {
            "model": "red hat enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
            "version": "4 (as)"
          },
          {
            "model": "red hat enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
            "version": "4 (es)"
          },
          {
            "model": "asianux server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b5\u30a4\u30d0\u30fc\u30c8\u30e9\u30b9\u30c8\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "red hat enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
            "version": "3 (es)"
          },
          {
            "model": "red hat enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
            "version": "4 (ws)"
          },
          {
            "model": "red hat enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
            "version": "2.1 (ws)"
          },
          {
            "model": "red hat enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
            "version": "3 (as)"
          },
          {
            "model": "turbolinux server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30bf\u30fc\u30dc\u30ea\u30ca\u30c3\u30af\u30b9",
            "version": null
          },
          {
            "model": "red hat enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
            "version": "2.1 (es)"
          },
          {
            "model": "red hat enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
            "version": "2.1 (as)"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.4.1"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.2"
          },
          {
            "model": "linux alt linux junior",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "alt",
            "version": "2.3"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.10.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mandriva",
            "version": "10.1"
          },
          {
            "model": "3-dns",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.6"
          },
          {
            "model": "big-ip",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.5"
          },
          {
            "model": "linux mandrake amd64",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mandriva",
            "version": "10.0"
          },
          {
            "model": "big-ip",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.5.13"
          },
          {
            "model": "3-dns",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.3"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.13"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.10.3"
          },
          {
            "model": "3-dns",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.5.12"
          },
          {
            "model": "3-dns",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.5"
          },
          {
            "model": "big-ip",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.6.3"
          },
          {
            "model": "3-dns",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.2"
          },
          {
            "model": "big-ip",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.4"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.11.2"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "6.5.1"
          },
          {
            "model": "3-dns",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.5.13"
          },
          {
            "model": "3-dns",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.4"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.4"
          },
          {
            "model": "3-dns",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.6.3"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "6.5.2"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.12.3"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.12.1"
          },
          {
            "model": "big-ip",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.5.11"
          },
          {
            "model": "big-ip",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.6.2"
          },
          {
            "model": "propack",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.2.1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.12.2"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.10.7"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.6,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.10.6"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.12"
          },
          {
            "model": "stenberg curl",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.13.1"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.10.5"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.11"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mandriva",
            "version": "10.1"
          },
          {
            "model": "big-ip",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.0"
          },
          {
            "model": "3-dns",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.5.11"
          },
          {
            "model": "3-dns",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.6.2"
          },
          {
            "model": "big-ip",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.6"
          },
          {
            "model": "big-ip",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.5.9"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.11.1"
          },
          {
            "model": "big-ip",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.3"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.3"
          },
          {
            "model": "big-ip",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.5.12"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "big-ip",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.5.6"
          },
          {
            "model": "big-ip",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.2"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.10.8"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.10.4"
          },
          {
            "model": "linux alt linux compact",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "alt",
            "version": "2.3"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.1.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mandriva",
            "version": "10.0"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "daniel",
            "version": "7.1"
          },
          {
            "model": "big-ip",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "4.5.10"
          },
          {
            "model": "libcurl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "libcurl",
            "version": "7.12.1"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.5.2"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.10"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.10.2"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.5"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.7"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "6.2"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "6.5"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.9.4"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.5.1"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "6.1"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.6"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.7.2"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.7.3"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.9.2"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.9"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "6.0"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.8"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.4.2"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.9.1"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "6.4"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.9.3"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "6.3"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.9.8"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.9.6"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.9.7"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.8.1"
          },
          {
            "model": "stenberg curl beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "6.1"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.9.5"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.7.1"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.6.1"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "1.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8.1"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8.0"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.1"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.2"
          },
          {
            "model": "stenberg curl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "daniel",
            "version": "7.8.2"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "12616"
          },
          {
            "db": "BID",
            "id": "12615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2005-000134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200505-184"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0490"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Credited to infamous41md[at]hotpop.com.",
        "sources": [
          {
            "db": "BID",
            "id": "12616"
          },
          {
            "db": "BID",
            "id": "12615"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2005-0490",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "CVE-2005-0490",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2005-0490",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2005-0490",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2005-0490",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2005-0490",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200505-184",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2005-000134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200505-184"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0490"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. cURL/libcURL 7.13.0 Previously, Kerberos Authentication and NTLM from the site performing the authentication. It has been reported that cURL and libcURL are vulnerable to a remotely exploitable stack-based buffer overflow vulnerability.  The cURL and libcURL NTML response processing code fails to ensure that a buffer overflow cannot occur when response data is decoded. \nThe overflow occurs in the stack region, and remote code execution is possible if the saved instruction pointer is overwritten with a pointer to embedded instructions. \n\nBackground\n==========\n\ncurl is a command line tool for transferring files via many different\nprotocols. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package        /  Vulnerable  /                        Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/curl      \u003c 7.13.1                             \u003e= 7.13.1\n\nDescription\n===========\n\ncurl fails to properly check boundaries when handling NTLM\nauthentication. \n\nImpact\n======\n\nWith a malicious server an attacker could send a carefully crafted NTLM\nresponse to a connecting client leading to the execution of arbitrary\ncode with the permissions of the user running curl. \n\nWorkaround\n==========\n\nDisable NTLM authentication by not using the --anyauth or --ntlm\noptions. \n\nResolution\n==========\n\nAll curl users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.13.1\"\n\nReferences\n==========\n\n  [ 1 ] CAN-2005-0490\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200503-20.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2005 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.0\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-0490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2005-000134"
          },
          {
            "db": "BID",
            "id": "12616"
          },
          {
            "db": "BID",
            "id": "12615"
          },
          {
            "db": "PACKETSTORM",
            "id": "36663"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2005-0490",
            "trust": 3.9
          },
          {
            "db": "BID",
            "id": "12616",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "12615",
            "trust": 2.7
          },
          {
            "db": "SECUNIA",
            "id": "14364",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2005-000134",
            "trust": 0.8
          },
          {
            "db": "GENTOO",
            "id": "GLSA-200503-20",
            "trust": 0.6
          },
          {
            "db": "MANDRAKE",
            "id": "MDKSA-2005:048",
            "trust": 0.6
          },
          {
            "db": "REDHAT",
            "id": "RHSA-2005:340",
            "trust": 0.6
          },
          {
            "db": "IDEFENSE",
            "id": "20050221 MULTIPLE UNIX/LINUX VENDOR CURL/LIBCURL NTLM AUTHENTICATION BUFFER OVERFLOW VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "IDEFENSE",
            "id": "20050221 MULTIPLE UNIX/LINUX VENDOR CURL/LIBCURL KERBEROS AUTHENTICATION BUFFER OVERFLOW VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "SUSE",
            "id": "SUSE-SA:2005:011",
            "trust": 0.6
          },
          {
            "db": "CONECTIVA",
            "id": "CLA-2005:940",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "19423",
            "trust": 0.6
          },
          {
            "db": "FULLDISC",
            "id": "20050228 [USN-86-1] CURL VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200505-184",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "36663",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "12616"
          },
          {
            "db": "BID",
            "id": "12615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2005-000134"
          },
          {
            "db": "PACKETSTORM",
            "id": "36663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200505-184"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0490"
          }
        ]
      },
      "id": "VAR-200505-0198",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.4615448
      },
      "last_update_date": "2025-04-03T22:34:58.255000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "RHSA-2005",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=185"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2005-000134"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-131",
            "trust": 1.0
          },
          {
            "problemtype": "Miscalculation of buffer size (CWE-131) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2005-000134"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0490"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/12616"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/12615"
          },
          {
            "trust": 1.6,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-20.xml"
          },
          {
            "trust": 1.6,
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000940"
          },
          {
            "trust": 1.6,
            "url": "http://www.idefense.com/application/poi/display?id=203\u0026type=vulnerabilities"
          },
          {
            "trust": 1.6,
            "url": "http://www.idefense.com/application/poi/display?id=202\u0026type=vulnerabilities"
          },
          {
            "trust": 1.6,
            "url": "http://www.redhat.com/support/errata/rhsa-2005-340.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.novell.com/linux/security/advisories/2005_11_curl.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2005:048"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=full-disclosure\u0026m=110959085507755\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10273"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19423"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-0490"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/14364/"
          },
          {
            "trust": 0.6,
            "url": "http://lists.altlinux.ru/pipermail/security-announce/2005-march/000287.html"
          },
          {
            "trust": 0.6,
            "url": "http://curl.haxx.se/"
          },
          {
            "trust": 0.6,
            "url": "http://curl.haxx.se/changes.html"
          },
          {
            "trust": 0.6,
            "url": "http://www.f5.com/"
          },
          {
            "trust": 0.6,
            "url": "http://rhn.redhat.com/errata/rhsa-2005-340.html"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=full-disclosure\u0026m=110959085507755\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/19423"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/391041"
          },
          {
            "trust": 0.3,
            "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?type=vulnerabilities\u0026id=202"
          },
          {
            "trust": 0.1,
            "url": "http://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.0"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-0490"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2005-0490"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/glsa/glsa-200503-20.xml"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "12616"
          },
          {
            "db": "BID",
            "id": "12615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2005-000134"
          },
          {
            "db": "PACKETSTORM",
            "id": "36663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200505-184"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0490"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "12616"
          },
          {
            "db": "BID",
            "id": "12615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2005-000134"
          },
          {
            "db": "PACKETSTORM",
            "id": "36663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200505-184"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0490"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2005-02-22T00:00:00",
            "db": "BID",
            "id": "12616"
          },
          {
            "date": "2005-02-22T00:00:00",
            "db": "BID",
            "id": "12615"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2005-000134"
          },
          {
            "date": "2005-03-22T05:24:05",
            "db": "PACKETSTORM",
            "id": "36663"
          },
          {
            "date": "2005-02-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200505-184"
          },
          {
            "date": "2005-05-02T04:00:00",
            "db": "NVD",
            "id": "CVE-2005-0490"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-08-24T17:54:00",
            "db": "BID",
            "id": "12616"
          },
          {
            "date": "2006-08-24T17:54:00",
            "db": "BID",
            "id": "12615"
          },
          {
            "date": "2024-02-27T05:23:00",
            "db": "JVNDB",
            "id": "JVNDB-2005-000134"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200505-184"
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2005-0490"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "12616"
          },
          {
            "db": "BID",
            "id": "12615"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cURL/libcURL\u00a0 of \u00a0Kerberos\u00a0 Authentication and \u00a0NTLM\u00a0 Buffer overflow vulnerability in authentication",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2005-000134"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Boundary Condition Error",
        "sources": [
          {
            "db": "BID",
            "id": "12616"
          },
          {
            "db": "BID",
            "id": "12615"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2009-2417 (GCVE-0-2009-2417)

    Vulnerability from nvd – Published: 2009-08-14 15:00 – Updated: 2024-08-07 05:52
    VLAI
    Summary
    lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE… x_refsource_CONFIRM
    http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE… x_refsource_CONFIRM
    http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE… x_refsource_CONFIRM
    http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE… x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/506055/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/37471 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/2263 vdb-entryx_refsource_VUPEN
    http://www.ubuntu.com/usn/USN-1158-1 vendor-advisoryx_refsource_UBUNTU
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://secunia.com/advisories/36238 third-party-advisoryx_refsource_SECUNIA
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE… x_refsource_CONFIRM
    http://wiki.rpath.com/Advisories:rPSA-2009-0124 x_refsource_CONFIRM
    http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE… x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE… x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/507985/100… mailing-listx_refsource_BUGTRAQ
    http://support.apple.com/kb/HT4077 x_refsource_CONFIRM
    http://shibboleth.internet2.edu/secadv/secadv_200… x_refsource_CONFIRM
    http://secunia.com/advisories/36475 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://curl.haxx.se/docs/adv_20090812.txt x_refsource_CONFIRM
    http://secunia.com/advisories/45047 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/36032 vdb-entryx_refsource_BID
    http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2009/3316 vdb-entryx_refsource_VUPEN
    http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE… x_refsource_CONFIRM
    Date Public
    2009-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:52:14.669Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch"
              },
              {
                "name": "20090824 rPSA-2009-0124-1 curl",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/506055/100/0/threaded"
              },
              {
                "name": "37471",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37471"
              },
              {
                "name": "ADV-2009-2263",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/2263"
              },
              {
                "name": "USN-1158-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1158-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
              },
              {
                "name": "36238",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36238"
              },
              {
                "name": "APPLE-SA-2010-03-29-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
              },
              {
                "name": "curl-certificate-security-bypass(52405)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52405"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0124"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch"
              },
              {
                "name": "oval:org.mitre.oval:def:8542",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch"
              },
              {
                "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4077"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
              },
              {
                "name": "36475",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36475"
              },
              {
                "name": "oval:org.mitre.oval:def:10114",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/docs/adv_20090812.txt"
              },
              {
                "name": "45047",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/45047"
              },
              {
                "name": "36032",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36032"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch"
              },
              {
                "name": "ADV-2009-3316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3316"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch"
            },
            {
              "name": "20090824 rPSA-2009-0124-1 curl",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/506055/100/0/threaded"
            },
            {
              "name": "37471",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37471"
            },
            {
              "name": "ADV-2009-2263",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2263"
            },
            {
              "name": "USN-1158-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1158-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "36238",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36238"
            },
            {
              "name": "APPLE-SA-2010-03-29-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
            },
            {
              "name": "curl-certificate-security-bypass(52405)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52405"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0124"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch"
            },
            {
              "name": "oval:org.mitre.oval:def:8542",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4077"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
            },
            {
              "name": "36475",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36475"
            },
            {
              "name": "oval:org.mitre.oval:def:10114",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/docs/adv_20090812.txt"
            },
            {
              "name": "45047",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/45047"
            },
            {
              "name": "36032",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36032"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch"
            },
            {
              "name": "ADV-2009-3316",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2009-2417",
        "datePublished": "2009-08-14T15:00:00.000Z",
        "dateReserved": "2009-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:52:14.669Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-3564 (GCVE-0-2007-3564)

    Vulnerability from nvd – Published: 2007-07-18 17:00 – Updated: 2024-08-07 14:21
    VLAI
    Summary
    libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/26231 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/2551 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/26128 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/26108 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/24938 vdb-entryx_refsource_BID
    http://www.trustix.org/errata/2007/0023/ vendor-advisoryx_refsource_TRUSTIX
    http://secunia.com/advisories/26104 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/usn-484-1 vendor-advisoryx_refsource_UBUNTU
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.curl.haxx.se/docs/adv_20070710.html x_refsource_MISC
    http://www.debian.org/security/2007/dsa-1333 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2007-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:21:36.293Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26231",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26231"
              },
              {
                "name": "ADV-2007-2551",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2551"
              },
              {
                "name": "26128",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26128"
              },
              {
                "name": "26108",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26108"
              },
              {
                "name": "24938",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24938"
              },
              {
                "name": "2007-0023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.org/errata/2007/0023/"
              },
              {
                "name": "26104",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26104"
              },
              {
                "name": "USN-484-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-484-1"
              },
              {
                "name": "libcurl-gnutls-weak-security(35479)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35479"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.curl.haxx.se/docs/adv_20070710.html"
              },
              {
                "name": "DSA-1333",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2007/dsa-1333"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "name": "26231",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26231"
            },
            {
              "name": "ADV-2007-2551",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2551"
            },
            {
              "name": "26128",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26128"
            },
            {
              "name": "26108",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26108"
            },
            {
              "name": "24938",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24938"
            },
            {
              "name": "2007-0023",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.org/errata/2007/0023/"
            },
            {
              "name": "26104",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26104"
            },
            {
              "name": "USN-484-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-484-1"
            },
            {
              "name": "libcurl-gnutls-weak-security(35479)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35479"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.curl.haxx.se/docs/adv_20070710.html"
            },
            {
              "name": "DSA-1333",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1333"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2007-3564",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26231",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26231"
                },
                {
                  "name": "ADV-2007-2551",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2551"
                },
                {
                  "name": "26128",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26128"
                },
                {
                  "name": "26108",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26108"
                },
                {
                  "name": "24938",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24938"
                },
                {
                  "name": "2007-0023",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.org/errata/2007/0023/"
                },
                {
                  "name": "26104",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26104"
                },
                {
                  "name": "USN-484-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-484-1"
                },
                {
                  "name": "libcurl-gnutls-weak-security(35479)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35479"
                },
                {
                  "name": "http://www.curl.haxx.se/docs/adv_20070710.html",
                  "refsource": "MISC",
                  "url": "http://www.curl.haxx.se/docs/adv_20070710.html"
                },
                {
                  "name": "DSA-1333",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2007/dsa-1333"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2007-3564",
        "datePublished": "2007-07-18T17:00:00.000Z",
        "dateReserved": "2007-07-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:21:36.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3185 (GCVE-0-2005-3185)

    Vulnerability from nvd – Published: 2005-10-13 04:00 – Updated: 2024-08-07 23:01
    VLAI
    Summary
    Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.idefense.com/application/poi/display?i… third-party-advisoryx_refsource_IDEFENSE
    http://secunia.com/advisories/17247 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/archives/fedora-announce-li… vendor-advisoryx_refsource_FEDORA
    http://www.redhat.com/support/errata/RHSA-2005-812.html vendor-advisoryx_refsource_REDHAT
    http://securitytracker.com/id?1015057 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/17813 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/17485 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2005/2659 vdb-entryx_refsource_VUPEN
    http://lists.trustix.org/pipermail/tsl-announce/2… vendor-advisoryx_refsource_TRUSTIX
    http://www.debian.org/security/2005/dsa-919 vendor-advisoryx_refsource_DEBIAN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2005/2088 vdb-entryx_refsource_VUPEN
    http://www.redhat.com/archives/fedora-announce-li… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/17297 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/82 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/17193 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/17403 third-party-advisoryx_refsource_SECUNIA
    https://usn.ubuntu.com/205-1/ vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/17208 third-party-advisoryx_refsource_SECUNIA
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://docs.info.apple.com/article.html?artnum=302847 vendor-advisoryx_refsource_APPLE
    http://www.securityfocus.com/bid/15102 vdb-entryx_refsource_BID
    http://secunia.com/advisories/17203 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/17965 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2005/2125 vdb-entryx_refsource_VUPEN
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/17400 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/17192 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/15647 vdb-entryx_refsource_BID
    http://www.gentoo.org/security/en/glsa/glsa-20051… vendor-advisoryx_refsource_GENTOO
    http://securitytracker.com/id?1015056 vdb-entryx_refsource_SECTRACK
    http://www.redhat.com/support/errata/RHSA-2005-807.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/19193 third-party-advisoryx_refsource_SECUNIA
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-20… vendor-advisoryx_refsource_SCO
    http://slackware.com/security/viewer.php?l=slackw… vendor-advisoryx_refsource_SLACKWARE
    http://secunia.com/advisories/17320 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/20011 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/17228 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-10-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:01:59.006Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20051013 Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://www.idefense.com/application/poi/display?id=322\u0026type=vulnerabilities"
              },
              {
                "name": "17247",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17247"
              },
              {
                "name": "FEDORA-2005-1000",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00055.html"
              },
              {
                "name": "RHSA-2005:812",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-812.html"
              },
              {
                "name": "1015057",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015057"
              },
              {
                "name": "17813",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17813"
              },
              {
                "name": "17485",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17485"
              },
              {
                "name": "ADV-2005-2659",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2659"
              },
              {
                "name": "TSLSA-2005-0059",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
              },
              {
                "name": "DSA-919",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-919"
              },
              {
                "name": "wget-curl-ntlm-username-bo(22721)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22721"
              },
              {
                "name": "ADV-2005-2088",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2088"
              },
              {
                "name": "FEDORA-2005-1129",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html"
              },
              {
                "name": "17297",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17297"
              },
              {
                "name": "82",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/82"
              },
              {
                "name": "17193",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17193"
              },
              {
                "name": "17403",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17403"
              },
              {
                "name": "USN-205-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/205-1/"
              },
              {
                "name": "17208",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17208"
              },
              {
                "name": "SUSE-SA:2005:063",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2005_63_wget_curl.html"
              },
              {
                "name": "oval:org.mitre.oval:def:9810",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9810"
              },
              {
                "name": "APPLE-SA-2005-11-29",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=302847"
              },
              {
                "name": "15102",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15102"
              },
              {
                "name": "17203",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17203"
              },
              {
                "name": "17965",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17965"
              },
              {
                "name": "ADV-2005-2125",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2125"
              },
              {
                "name": "MDKSA-2005:182",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:182"
              },
              {
                "name": "17400",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17400"
              },
              {
                "name": "17192",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17192"
              },
              {
                "name": "15647",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15647"
              },
              {
                "name": "GLSA-200510-19",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-19.xml"
              },
              {
                "name": "1015056",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015056"
              },
              {
                "name": "RHSA-2005:807",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-807.html"
              },
              {
                "name": "19193",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19193"
              },
              {
                "name": "SCOSA-2006.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"
              },
              {
                "name": "SSA:2005-310-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.519010"
              },
              {
                "name": "17320",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17320"
              },
              {
                "name": "20011",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/20011"
              },
              {
                "name": "17228",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17228"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20051013 Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://www.idefense.com/application/poi/display?id=322\u0026type=vulnerabilities"
            },
            {
              "name": "17247",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17247"
            },
            {
              "name": "FEDORA-2005-1000",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00055.html"
            },
            {
              "name": "RHSA-2005:812",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-812.html"
            },
            {
              "name": "1015057",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015057"
            },
            {
              "name": "17813",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17813"
            },
            {
              "name": "17485",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17485"
            },
            {
              "name": "ADV-2005-2659",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2659"
            },
            {
              "name": "TSLSA-2005-0059",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
            },
            {
              "name": "DSA-919",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-919"
            },
            {
              "name": "wget-curl-ntlm-username-bo(22721)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22721"
            },
            {
              "name": "ADV-2005-2088",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2088"
            },
            {
              "name": "FEDORA-2005-1129",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html"
            },
            {
              "name": "17297",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17297"
            },
            {
              "name": "82",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/82"
            },
            {
              "name": "17193",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17193"
            },
            {
              "name": "17403",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17403"
            },
            {
              "name": "USN-205-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/205-1/"
            },
            {
              "name": "17208",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17208"
            },
            {
              "name": "SUSE-SA:2005:063",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2005_63_wget_curl.html"
            },
            {
              "name": "oval:org.mitre.oval:def:9810",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9810"
            },
            {
              "name": "APPLE-SA-2005-11-29",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=302847"
            },
            {
              "name": "15102",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15102"
            },
            {
              "name": "17203",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17203"
            },
            {
              "name": "17965",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17965"
            },
            {
              "name": "ADV-2005-2125",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2125"
            },
            {
              "name": "MDKSA-2005:182",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:182"
            },
            {
              "name": "17400",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17400"
            },
            {
              "name": "17192",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17192"
            },
            {
              "name": "15647",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15647"
            },
            {
              "name": "GLSA-200510-19",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-19.xml"
            },
            {
              "name": "1015056",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015056"
            },
            {
              "name": "RHSA-2005:807",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-807.html"
            },
            {
              "name": "19193",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19193"
            },
            {
              "name": "SCOSA-2006.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"
            },
            {
              "name": "SSA:2005-310-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.519010"
            },
            {
              "name": "17320",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17320"
            },
            {
              "name": "20011",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/20011"
            },
            {
              "name": "17228",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17228"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3185",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20051013 Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://www.idefense.com/application/poi/display?id=322\u0026type=vulnerabilities"
                },
                {
                  "name": "17247",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17247"
                },
                {
                  "name": "FEDORA-2005-1000",
                  "refsource": "FEDORA",
                  "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00055.html"
                },
                {
                  "name": "RHSA-2005:812",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2005-812.html"
                },
                {
                  "name": "1015057",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015057"
                },
                {
                  "name": "17813",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17813"
                },
                {
                  "name": "17485",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17485"
                },
                {
                  "name": "ADV-2005-2659",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2659"
                },
                {
                  "name": "TSLSA-2005-0059",
                  "refsource": "TRUSTIX",
                  "url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
                },
                {
                  "name": "DSA-919",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-919"
                },
                {
                  "name": "wget-curl-ntlm-username-bo(22721)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22721"
                },
                {
                  "name": "ADV-2005-2088",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2088"
                },
                {
                  "name": "FEDORA-2005-1129",
                  "refsource": "FEDORA",
                  "url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html"
                },
                {
                  "name": "17297",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17297"
                },
                {
                  "name": "82",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/82"
                },
                {
                  "name": "17193",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17193"
                },
                {
                  "name": "17403",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17403"
                },
                {
                  "name": "USN-205-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/205-1/"
                },
                {
                  "name": "17208",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17208"
                },
                {
                  "name": "SUSE-SA:2005:063",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2005_63_wget_curl.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:9810",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9810"
                },
                {
                  "name": "APPLE-SA-2005-11-29",
                  "refsource": "APPLE",
                  "url": "http://docs.info.apple.com/article.html?artnum=302847"
                },
                {
                  "name": "15102",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15102"
                },
                {
                  "name": "17203",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17203"
                },
                {
                  "name": "17965",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17965"
                },
                {
                  "name": "ADV-2005-2125",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2125"
                },
                {
                  "name": "MDKSA-2005:182",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:182"
                },
                {
                  "name": "17400",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17400"
                },
                {
                  "name": "17192",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17192"
                },
                {
                  "name": "15647",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15647"
                },
                {
                  "name": "GLSA-200510-19",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-19.xml"
                },
                {
                  "name": "1015056",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015056"
                },
                {
                  "name": "RHSA-2005:807",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2005-807.html"
                },
                {
                  "name": "19193",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19193"
                },
                {
                  "name": "SCOSA-2006.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"
                },
                {
                  "name": "SSA:2005-310-01",
                  "refsource": "SLACKWARE",
                  "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.519010"
                },
                {
                  "name": "17320",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17320"
                },
                {
                  "name": "20011",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/20011"
                },
                {
                  "name": "17228",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17228"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3185",
        "datePublished": "2005-10-13T04:00:00.000Z",
        "dateReserved": "2005-10-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:01:59.006Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2417 (GCVE-0-2009-2417)

    Vulnerability from cvelistv5 – Published: 2009-08-14 15:00 – Updated: 2024-08-07 05:52
    VLAI
    Summary
    lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE… x_refsource_CONFIRM
    http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE… x_refsource_CONFIRM
    http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE… x_refsource_CONFIRM
    http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE… x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/506055/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/37471 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/2263 vdb-entryx_refsource_VUPEN
    http://www.ubuntu.com/usn/USN-1158-1 vendor-advisoryx_refsource_UBUNTU
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://secunia.com/advisories/36238 third-party-advisoryx_refsource_SECUNIA
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE… x_refsource_CONFIRM
    http://wiki.rpath.com/Advisories:rPSA-2009-0124 x_refsource_CONFIRM
    http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE… x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE… x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/507985/100… mailing-listx_refsource_BUGTRAQ
    http://support.apple.com/kb/HT4077 x_refsource_CONFIRM
    http://shibboleth.internet2.edu/secadv/secadv_200… x_refsource_CONFIRM
    http://secunia.com/advisories/36475 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://curl.haxx.se/docs/adv_20090812.txt x_refsource_CONFIRM
    http://secunia.com/advisories/45047 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/36032 vdb-entryx_refsource_BID
    http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2009/3316 vdb-entryx_refsource_VUPEN
    http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE… x_refsource_CONFIRM
    Date Public
    2009-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:52:14.669Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch"
              },
              {
                "name": "20090824 rPSA-2009-0124-1 curl",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/506055/100/0/threaded"
              },
              {
                "name": "37471",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37471"
              },
              {
                "name": "ADV-2009-2263",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/2263"
              },
              {
                "name": "USN-1158-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1158-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
              },
              {
                "name": "36238",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36238"
              },
              {
                "name": "APPLE-SA-2010-03-29-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
              },
              {
                "name": "curl-certificate-security-bypass(52405)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52405"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0124"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch"
              },
              {
                "name": "oval:org.mitre.oval:def:8542",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch"
              },
              {
                "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4077"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
              },
              {
                "name": "36475",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36475"
              },
              {
                "name": "oval:org.mitre.oval:def:10114",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/docs/adv_20090812.txt"
              },
              {
                "name": "45047",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/45047"
              },
              {
                "name": "36032",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36032"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch"
              },
              {
                "name": "ADV-2009-3316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3316"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch"
            },
            {
              "name": "20090824 rPSA-2009-0124-1 curl",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/506055/100/0/threaded"
            },
            {
              "name": "37471",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37471"
            },
            {
              "name": "ADV-2009-2263",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2263"
            },
            {
              "name": "USN-1158-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1158-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "36238",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36238"
            },
            {
              "name": "APPLE-SA-2010-03-29-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
            },
            {
              "name": "curl-certificate-security-bypass(52405)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52405"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0124"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch"
            },
            {
              "name": "oval:org.mitre.oval:def:8542",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4077"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
            },
            {
              "name": "36475",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36475"
            },
            {
              "name": "oval:org.mitre.oval:def:10114",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/docs/adv_20090812.txt"
            },
            {
              "name": "45047",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/45047"
            },
            {
              "name": "36032",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36032"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch"
            },
            {
              "name": "ADV-2009-3316",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2009-2417",
        "datePublished": "2009-08-14T15:00:00.000Z",
        "dateReserved": "2009-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:52:14.669Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-3564 (GCVE-0-2007-3564)

    Vulnerability from cvelistv5 – Published: 2007-07-18 17:00 – Updated: 2024-08-07 14:21
    VLAI
    Summary
    libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/26231 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/2551 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/26128 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/26108 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/24938 vdb-entryx_refsource_BID
    http://www.trustix.org/errata/2007/0023/ vendor-advisoryx_refsource_TRUSTIX
    http://secunia.com/advisories/26104 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/usn-484-1 vendor-advisoryx_refsource_UBUNTU
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.curl.haxx.se/docs/adv_20070710.html x_refsource_MISC
    http://www.debian.org/security/2007/dsa-1333 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2007-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:21:36.293Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26231",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26231"
              },
              {
                "name": "ADV-2007-2551",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2551"
              },
              {
                "name": "26128",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26128"
              },
              {
                "name": "26108",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26108"
              },
              {
                "name": "24938",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24938"
              },
              {
                "name": "2007-0023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.org/errata/2007/0023/"
              },
              {
                "name": "26104",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26104"
              },
              {
                "name": "USN-484-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-484-1"
              },
              {
                "name": "libcurl-gnutls-weak-security(35479)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35479"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.curl.haxx.se/docs/adv_20070710.html"
              },
              {
                "name": "DSA-1333",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2007/dsa-1333"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "name": "26231",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26231"
            },
            {
              "name": "ADV-2007-2551",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2551"
            },
            {
              "name": "26128",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26128"
            },
            {
              "name": "26108",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26108"
            },
            {
              "name": "24938",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24938"
            },
            {
              "name": "2007-0023",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.org/errata/2007/0023/"
            },
            {
              "name": "26104",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26104"
            },
            {
              "name": "USN-484-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-484-1"
            },
            {
              "name": "libcurl-gnutls-weak-security(35479)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35479"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.curl.haxx.se/docs/adv_20070710.html"
            },
            {
              "name": "DSA-1333",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1333"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2007-3564",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26231",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26231"
                },
                {
                  "name": "ADV-2007-2551",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2551"
                },
                {
                  "name": "26128",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26128"
                },
                {
                  "name": "26108",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26108"
                },
                {
                  "name": "24938",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24938"
                },
                {
                  "name": "2007-0023",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.org/errata/2007/0023/"
                },
                {
                  "name": "26104",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26104"
                },
                {
                  "name": "USN-484-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-484-1"
                },
                {
                  "name": "libcurl-gnutls-weak-security(35479)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35479"
                },
                {
                  "name": "http://www.curl.haxx.se/docs/adv_20070710.html",
                  "refsource": "MISC",
                  "url": "http://www.curl.haxx.se/docs/adv_20070710.html"
                },
                {
                  "name": "DSA-1333",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2007/dsa-1333"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2007-3564",
        "datePublished": "2007-07-18T17:00:00.000Z",
        "dateReserved": "2007-07-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:21:36.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3185 (GCVE-0-2005-3185)

    Vulnerability from cvelistv5 – Published: 2005-10-13 04:00 – Updated: 2024-08-07 23:01
    VLAI
    Summary
    Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.idefense.com/application/poi/display?i… third-party-advisoryx_refsource_IDEFENSE
    http://secunia.com/advisories/17247 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/archives/fedora-announce-li… vendor-advisoryx_refsource_FEDORA
    http://www.redhat.com/support/errata/RHSA-2005-812.html vendor-advisoryx_refsource_REDHAT
    http://securitytracker.com/id?1015057 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/17813 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/17485 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2005/2659 vdb-entryx_refsource_VUPEN
    http://lists.trustix.org/pipermail/tsl-announce/2… vendor-advisoryx_refsource_TRUSTIX
    http://www.debian.org/security/2005/dsa-919 vendor-advisoryx_refsource_DEBIAN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2005/2088 vdb-entryx_refsource_VUPEN
    http://www.redhat.com/archives/fedora-announce-li… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/17297 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/82 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/17193 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/17403 third-party-advisoryx_refsource_SECUNIA
    https://usn.ubuntu.com/205-1/ vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/17208 third-party-advisoryx_refsource_SECUNIA
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://docs.info.apple.com/article.html?artnum=302847 vendor-advisoryx_refsource_APPLE
    http://www.securityfocus.com/bid/15102 vdb-entryx_refsource_BID
    http://secunia.com/advisories/17203 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/17965 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2005/2125 vdb-entryx_refsource_VUPEN
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/17400 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/17192 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/15647 vdb-entryx_refsource_BID
    http://www.gentoo.org/security/en/glsa/glsa-20051… vendor-advisoryx_refsource_GENTOO
    http://securitytracker.com/id?1015056 vdb-entryx_refsource_SECTRACK
    http://www.redhat.com/support/errata/RHSA-2005-807.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/19193 third-party-advisoryx_refsource_SECUNIA
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-20… vendor-advisoryx_refsource_SCO
    http://slackware.com/security/viewer.php?l=slackw… vendor-advisoryx_refsource_SLACKWARE
    http://secunia.com/advisories/17320 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/20011 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/17228 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-10-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:01:59.006Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20051013 Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://www.idefense.com/application/poi/display?id=322\u0026type=vulnerabilities"
              },
              {
                "name": "17247",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17247"
              },
              {
                "name": "FEDORA-2005-1000",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00055.html"
              },
              {
                "name": "RHSA-2005:812",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-812.html"
              },
              {
                "name": "1015057",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015057"
              },
              {
                "name": "17813",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17813"
              },
              {
                "name": "17485",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17485"
              },
              {
                "name": "ADV-2005-2659",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2659"
              },
              {
                "name": "TSLSA-2005-0059",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
              },
              {
                "name": "DSA-919",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-919"
              },
              {
                "name": "wget-curl-ntlm-username-bo(22721)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22721"
              },
              {
                "name": "ADV-2005-2088",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2088"
              },
              {
                "name": "FEDORA-2005-1129",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html"
              },
              {
                "name": "17297",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17297"
              },
              {
                "name": "82",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/82"
              },
              {
                "name": "17193",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17193"
              },
              {
                "name": "17403",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17403"
              },
              {
                "name": "USN-205-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/205-1/"
              },
              {
                "name": "17208",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17208"
              },
              {
                "name": "SUSE-SA:2005:063",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2005_63_wget_curl.html"
              },
              {
                "name": "oval:org.mitre.oval:def:9810",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9810"
              },
              {
                "name": "APPLE-SA-2005-11-29",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=302847"
              },
              {
                "name": "15102",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15102"
              },
              {
                "name": "17203",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17203"
              },
              {
                "name": "17965",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17965"
              },
              {
                "name": "ADV-2005-2125",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2125"
              },
              {
                "name": "MDKSA-2005:182",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:182"
              },
              {
                "name": "17400",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17400"
              },
              {
                "name": "17192",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17192"
              },
              {
                "name": "15647",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15647"
              },
              {
                "name": "GLSA-200510-19",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-19.xml"
              },
              {
                "name": "1015056",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015056"
              },
              {
                "name": "RHSA-2005:807",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-807.html"
              },
              {
                "name": "19193",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19193"
              },
              {
                "name": "SCOSA-2006.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"
              },
              {
                "name": "SSA:2005-310-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.519010"
              },
              {
                "name": "17320",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17320"
              },
              {
                "name": "20011",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/20011"
              },
              {
                "name": "17228",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17228"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20051013 Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://www.idefense.com/application/poi/display?id=322\u0026type=vulnerabilities"
            },
            {
              "name": "17247",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17247"
            },
            {
              "name": "FEDORA-2005-1000",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00055.html"
            },
            {
              "name": "RHSA-2005:812",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-812.html"
            },
            {
              "name": "1015057",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015057"
            },
            {
              "name": "17813",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17813"
            },
            {
              "name": "17485",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17485"
            },
            {
              "name": "ADV-2005-2659",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2659"
            },
            {
              "name": "TSLSA-2005-0059",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
            },
            {
              "name": "DSA-919",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-919"
            },
            {
              "name": "wget-curl-ntlm-username-bo(22721)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22721"
            },
            {
              "name": "ADV-2005-2088",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2088"
            },
            {
              "name": "FEDORA-2005-1129",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html"
            },
            {
              "name": "17297",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17297"
            },
            {
              "name": "82",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/82"
            },
            {
              "name": "17193",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17193"
            },
            {
              "name": "17403",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17403"
            },
            {
              "name": "USN-205-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/205-1/"
            },
            {
              "name": "17208",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17208"
            },
            {
              "name": "SUSE-SA:2005:063",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2005_63_wget_curl.html"
            },
            {
              "name": "oval:org.mitre.oval:def:9810",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9810"
            },
            {
              "name": "APPLE-SA-2005-11-29",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=302847"
            },
            {
              "name": "15102",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15102"
            },
            {
              "name": "17203",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17203"
            },
            {
              "name": "17965",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17965"
            },
            {
              "name": "ADV-2005-2125",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2125"
            },
            {
              "name": "MDKSA-2005:182",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:182"
            },
            {
              "name": "17400",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17400"
            },
            {
              "name": "17192",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17192"
            },
            {
              "name": "15647",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15647"
            },
            {
              "name": "GLSA-200510-19",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-19.xml"
            },
            {
              "name": "1015056",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015056"
            },
            {
              "name": "RHSA-2005:807",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-807.html"
            },
            {
              "name": "19193",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19193"
            },
            {
              "name": "SCOSA-2006.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"
            },
            {
              "name": "SSA:2005-310-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.519010"
            },
            {
              "name": "17320",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17320"
            },
            {
              "name": "20011",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/20011"
            },
            {
              "name": "17228",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17228"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3185",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20051013 Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://www.idefense.com/application/poi/display?id=322\u0026type=vulnerabilities"
                },
                {
                  "name": "17247",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17247"
                },
                {
                  "name": "FEDORA-2005-1000",
                  "refsource": "FEDORA",
                  "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00055.html"
                },
                {
                  "name": "RHSA-2005:812",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2005-812.html"
                },
                {
                  "name": "1015057",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015057"
                },
                {
                  "name": "17813",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17813"
                },
                {
                  "name": "17485",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17485"
                },
                {
                  "name": "ADV-2005-2659",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2659"
                },
                {
                  "name": "TSLSA-2005-0059",
                  "refsource": "TRUSTIX",
                  "url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
                },
                {
                  "name": "DSA-919",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-919"
                },
                {
                  "name": "wget-curl-ntlm-username-bo(22721)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22721"
                },
                {
                  "name": "ADV-2005-2088",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2088"
                },
                {
                  "name": "FEDORA-2005-1129",
                  "refsource": "FEDORA",
                  "url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html"
                },
                {
                  "name": "17297",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17297"
                },
                {
                  "name": "82",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/82"
                },
                {
                  "name": "17193",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17193"
                },
                {
                  "name": "17403",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17403"
                },
                {
                  "name": "USN-205-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/205-1/"
                },
                {
                  "name": "17208",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17208"
                },
                {
                  "name": "SUSE-SA:2005:063",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2005_63_wget_curl.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:9810",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9810"
                },
                {
                  "name": "APPLE-SA-2005-11-29",
                  "refsource": "APPLE",
                  "url": "http://docs.info.apple.com/article.html?artnum=302847"
                },
                {
                  "name": "15102",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15102"
                },
                {
                  "name": "17203",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17203"
                },
                {
                  "name": "17965",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17965"
                },
                {
                  "name": "ADV-2005-2125",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2125"
                },
                {
                  "name": "MDKSA-2005:182",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:182"
                },
                {
                  "name": "17400",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17400"
                },
                {
                  "name": "17192",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17192"
                },
                {
                  "name": "15647",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15647"
                },
                {
                  "name": "GLSA-200510-19",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-19.xml"
                },
                {
                  "name": "1015056",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015056"
                },
                {
                  "name": "RHSA-2005:807",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2005-807.html"
                },
                {
                  "name": "19193",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19193"
                },
                {
                  "name": "SCOSA-2006.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"
                },
                {
                  "name": "SSA:2005-310-01",
                  "refsource": "SLACKWARE",
                  "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.519010"
                },
                {
                  "name": "17320",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17320"
                },
                {
                  "name": "20011",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/20011"
                },
                {
                  "name": "17228",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17228"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3185",
        "datePublished": "2005-10-13T04:00:00.000Z",
        "dateReserved": "2005-10-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:01:59.006Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }