curl / Docs / Security Problems / NTLM Authentication Buffer Overflow

NTLM Authentication Buffer Overflow

Project curl Security Advisory, February 21st 2005 - Permalink


Due to bad usage of the base64 decode function to a stack-based buffer without checking the data length, it was possible for a malicious HTTP server to overflow the client during NTLM negotiation. The announcement of this flaw was done without contacting us.


The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2005-0490 to this issue.

CWE-121: Stack-based Buffer Overflow