CVE-2005-4077: Buffer Overflow
First published: Thu Dec 08 2005(Updated: )
Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| curl | =7.11.2 | |
| curl | =7.12 | |
| curl | =7.12.1 | |
| curl | =7.12.2 | |
| curl | =7.12.3 | |
| curl | =7.13 | |
| curl | =7.13.1 | |
| curl | =7.13.2 | |
| curl | =7.14 | |
| curl | =7.14.1 | |
| curl | =7.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.hardened-php.net/advisory_242005.109.html
- http://curl.haxx.se/docs/adv_20051207.html
- http://www.securityfocus.com/bid/15756
- http://secunia.com/advisories/17907
- http://secunia.com/advisories/17977
- http://www.gentoo.org/security/en/glsa/glsa-200512-09.xml
- http://www.redhat.com/support/errata/RHSA-2005-875.html
- http://secunia.com/advisories/18105
- http://secunia.com/advisories/18188
- http://www.trustix.org/errata/2005/0072/
- http://secunia.com/advisories/18336
- http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html
- http://www.debian.org/security/2005/dsa-919
- http://secunia.com/advisories/17960
- http://secunia.com/advisories/17961
- http://secunia.com/advisories/17965
- http://qa.openoffice.org/issues/show_bug.cgi?id=59032
- http://secunia.com/advisories/19261
- http://www.gentoo.org/security/en/glsa/glsa-200603-25.xml
- http://secunia.com/advisories/19433
- http://secunia.com/advisories/19457
- http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
- http://www.us-cert.gov/cas/techalerts/TA06-132A.html
- http://secunia.com/advisories/20077
- http://www.securityfocus.com/bid/17951
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:224
- http://docs.info.apple.com/article.html?artnum=307562
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://www.vupen.com/english/advisories/2006/1779
- http://www.vupen.com/english/advisories/2006/0960
- http://www.vupen.com/english/advisories/2005/2791
- http://www.vupen.com/english/advisories/2008/0924/references
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10855
- https://usn.ubuntu.com/228-1/
- http://www.securityfocus.com/archive/1/418849/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2005-4077?
CVE-2005-4077 is considered a high severity vulnerability due to its potential to trigger a buffer overflow and cause denial of service.
How do I fix CVE-2005-4077?
To fix CVE-2005-4077, it is recommended to upgrade the cURL library to a version later than 7.15.0 where the vulnerability is patched.
What are the affected versions of cURL for CVE-2005-4077?
The affected versions of cURL for CVE-2005-4077 range from 7.11.2 to 7.15.0.
Can CVE-2005-4077 be exploited remotely?
CVE-2005-4077 typically requires local access to exploit due to the nature of the buffer overflow vulnerabilities.
What are the consequences of exploiting CVE-2005-4077?
Exploiting CVE-2005-4077 can lead to denial of service or the ability to bypass security restrictions in PHP applications.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/tags
- agent/softwarecombine
- agent/source
- vendor/daniel stenberg
- canonical/curl
- version/curl/7.11.2
- version/curl/7.12
- version/curl/7.12.1
- version/curl/7.12.2
- version/curl/7.12.3
- version/curl/7.13
- version/curl/7.13.1
- version/curl/7.13.2
- version/curl/7.14
- version/curl/7.14.1
- version/curl/7.15