NVD

Id
69715  
Name
CVE-2005-4077  
Description
Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.  
Reject
 
CVSS Version
2  
CVSS Score
4.6  
Severity
Medium  
CVSS Base Score
4.6  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2005-12-07  
Modified Date
2011-09-08  
Seq
2005-4077  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
360229 69715 CVE-2005-4077 SCOSA-2006.16  View
360230 69715 CVE-2005-4077 http://curl.haxx.se/docs/adv_20051207.html  View
360231 69715 CVE-2005-4077 http://docs.info.apple.com/article.html?artnum=307562  View
360232 69715 CVE-2005-4077 APPLE-SA-2006-05-11  View
360233 69715 CVE-2005-4077 APPLE-SA-2008-03-18  View
360234 69715 CVE-2005-4077 oval:org.mitre.oval:def:10855  View
360235 69715 CVE-2005-4077 http://qa.openoffice.org/issues/show_bug.cgi?id=59032  View
360236 69715 CVE-2005-4077 DSA-919  View
360237 69715 CVE-2005-4077 GLSA-200512-09  View
360238 69715 CVE-2005-4077 GLSA-200603-25  View
360239 69715 CVE-2005-4077 http://www.hardened-php.net/advisory_242005.109.html  View
360240 69715 CVE-2005-4077 MDKSA-2005:224  View
360241 69715 CVE-2005-4077 FEDORA-2005-1129  View
360242 69715 CVE-2005-4077 RHSA-2005:875  View
360243 69715 CVE-2005-4077 20051207 Advisory 24/2005: libcurl URL parsing vulnerability  View
360244 69715 CVE-2005-4077 15756  View
360245 69715 CVE-2005-4077 17951  View
360246 69715 CVE-2005-4077 TSLSA-2005-0072  View
360247 69715 CVE-2005-4077 USN-228-1  View
360248 69715 CVE-2005-4077 TA06-132A  View
360249 69715 CVE-2005-4077 ADV-2005-2791  View
360250 69715 CVE-2005-4077 ADV-2006-0960  View
360251 69715 CVE-2005-4077 ADV-2006-1779  View
360252 69715 CVE-2005-4077 ADV-2008-0924  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
62518 JVNDB-2005-000720 libcURL における URL パーサの不適切な URL 処理によるバッファオーバーフローの脆弱性 libcURL における URL パーサには、プロトコル接頭辞 (http:// 等) やスラッシュが含まれていない 256 bytes 以上の URL、あるいはホスト名とクエリ部分のセパレータとして特定の文字のみが使用される過度に長い URL を処理した際に、バッファオーバーフローが発生する脆弱性が存在します。 CVE-2005-4077 15279 CVE-2005-4077 69715 4.6 http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000720.html 2005-12-07 2008-03-31 View