The annual curl user survey is up. Please donate a few minutes and answer some questions!
curl / Docs / Security Problems / NTLM Authentication Buffer Overflow

NTLM Authentication Buffer Overflow

Project curl Security Advisory, February 21st 2005 - Permalink

VULNERABILITY

Due to bad usage of the base64 decode function to a stack-based buffer without checking the data length, it was possible for a malicious HTTP server to overflow the client during NTLM negotiation. The announcement of this flaw was done without contacting us.

INFO

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2005-0490 to this issue.

AFFECTED VERSIONS