Kerberos Authentication Buffer Overflow
Project curl Security Advisory, February 21st 2005
The base64 decode function was used to write decoded data into a stack-based buffer without checking the length of that data, so a malicious FTP server could overflow the client during krb4 negotiation. I don't know of any single user that uses krb4-ftp and I'm not even sure it still works 100%. The announcement was made without contacting us.
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2005-0490 to this issue.
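As an added illustration (not curl's own code, then or now), this is the shape of decode the fix requires: the decoded size is derived from the input and compared against the destination buffer before any byte is written. The names b64_decode_checked, server_reply_fits and the 512-byte KRB_REPLY_MAX are constructed for the example, not taken from curl or the krb4 protocol.

```c
#include <stddef.h>
#include <string.h>
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Decode base64 into out. Returns the decoded length, or -1 if the input is
 * malformed or the result would exceed outcap. The output size is derived from
 * the input length BEFORE any byte is written: the check the krb4 path lacked. */
long b64_decode_checked(const char *in, unsigned char *out, size_t outcap)
{
    size_t inlen = strlen(in), pad = 0, outlen, i, j = 0;
    unsigned acc = 0;
    int bits = 0;
    if (inlen % 4 != 0) return -1;                 /* not whole 4-char quanta */
    if (inlen && in[inlen - 1] == '=') pad++;
    if (inlen && in[inlen - 2] == '=') pad++;
    outlen = (inlen / 4) * 3 - pad;
    if (outlen > outcap) return -1;                /* would overflow the buffer */
    for (i = 0; i < inlen - pad; i++) {
        const char *p = strchr(B64, in[i]);        /* NULL for '=' or junk */
        if (!p) return -1;
        acc = (acc << 6) | (unsigned)(p - B64);
        bits += 6;
        if (bits >= 8) { bits -= 8; out[j++] = (unsigned char)(acc >> bits); }
    }
    return (long)outlen;
}

/* Hypothetical negotiation step: the server's reply lands in a fixed stack
 * buffer, and a reply that would not fit is refused instead of written past
 * the end. KRB_REPLY_MAX is a constructed limit, not a protocol constant. */
#define KRB_REPLY_MAX 512
int server_reply_fits(const char *b64_reply)
{
    unsigned char buf[KRB_REPLY_MAX];
    return b64_decode_checked(b64_reply, buf, sizeof buf) >= 0;
}
/* Constructed checks: correct decoding, and a 750-byte reply being refused. */
int decodes_to(const char *in, const char *expect)
{
    unsigned char buf[64];
    long n = b64_decode_checked(in, buf, sizeof buf);
    return n >= 0 && (size_t)n == strlen(expect) && !memcmp(buf, expect, (size_t)n);
}
int overlong_reply_rejected(void)
{
    char big[1001];                                /* 1000 chars -> 750 bytes */
    memset(big, 'A', 1000); big[1000] = '\0';
    return server_reply_fits(big) == 0;
}
```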