cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: libcurl NTLM Buffer Overflow Vulnerability

From: Gerd v. Egidy <lists_at_egidy.de>
Date: Fri, 14 Oct 2005 10:24:15 +0200

> libcurl NTLM Buffer Overflow Vulnerability
> ==========================================
>
> Project cURL Security Advisory, October 13th 2005
> http://curl.haxx.se/docs/security.html
>
> 1. VULNERABILITY
>
> libcurl's NTLM function can overflow a stack-based buffer if given a too
> long user name or domain name. This would happen if you enable NTLM
> authentication and either:

do you have a CVE number for this?

Kind regards,

Gerd
Received on 2005-10-14