CVE-2005-4077Off-by-one Error in Stenberg Curl

CWE-18912 documents8 sources
Severity
4.6MEDIUMNVD
EPSS
0.3%
top 49.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Haxx CurlDaniel Stenberg Curl
Timeline
PublishedDec 8
Latest updateMay 3

Description

Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

Debianhaxx/curl< 7.15.1-1+3
NVDdaniel_stenberg/curl11 versions+10

Patches

Patch: curl.haxx.sePatch: secunia.comPatch: www.hardened-php.net

🔴Vulnerability Details

3
GHSA
GHSA-c4xg-24hh-cq78: Multiple off-by-one errors in the cURL library (libcurl) 72022-05-03
OSV
CVE-2005-4077: Multiple off-by-one errors in the cURL library (libcurl) 72005-12-08
CVEList
CVE-2005-4077: Multiple off-by-one errors in the cURL library (libcurl) 72005-12-08

📋Vendor Advisories

3
Ubuntu
curl library vulnerability2005-12-13
Red Hat
security flaw2005-12-07
Debian
CVE-2005-4077: curl - Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 a...2005

💬Community

5
Bugzilla
CVE-2005-4077 security flaw2018-08-16
Bugzilla
CVE-2005-4077 not fixed by curl-7.13.1-4.fc42005-12-09
Bugzilla
CVE-2005-4077 SA17907 cURL/libcURL URL Parsing Off-By-One Vulnerability2005-12-08
Bugzilla
CVE-2005-4077 SA17907 cURL/libcURL URL Parsing Off-By-One Vulnerability2005-12-08
Bugzilla
CVE-2005-4077 SA17907 cURL/libcURL URL Parsing Off-By-One Vulnerability2005-12-07
CVE-2005-4077 — Off-by-one Error in Stenberg Curl | cvebase