CVE-2005-4077 in cURLinfo

Summary

Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

12/08/2005

Disclosure

12/07/2005

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-189 (Confirmed)

CVSS

5.9

EPSS

0.00266

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2005-4077
NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-4077
CVE Details	https://www.cvedetails.com/cve/CVE-2005-4077/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!