CVE-2005-3185
published 2005-10-13CVE-2005-3185: Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| curl | curl | — | — |
| debian | curl | < curl 7.15.0-1 (bookworm) | curl 7.15.0-1 (bookworm) |
| debian | wget | < curl 7.15.0-1 (bookworm) | curl 7.15.0-1 (bookworm) |
| gnu | wget | >= 0 < 1.10.2-1 | 1.10.2-1 |
| gnu | wget | >= 0 < 1.10.2-1 | 1.10.2-1 |
| gnu | wget | >= 0 < 1.10.2-1 | 1.10.2-1 |
| gnu | wget | >= 0 < 1.10.2-1 | 1.10.2-1 |
| haxx | curl | >= 0 < 7.15.0-1 | 7.15.0-1 |
| haxx | curl | >= 0 < 7.15.0-1 | 7.15.0-1 |
| haxx | curl | >= 0 < 7.15.0-1 | 7.15.0-1 |
| haxx | curl | >= 0 < 7.15.0-1 | 7.15.0-1 |
| libcurl | libcurl | — | — |
| wget | wget | — | — |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH