Vulnerability Name:

CVE-2005-4077 (CCN-23538)

Assigned:2005-12-07
Published:2005-12-07
Updated:2018-10-19
Summary:Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Privileges
References:Source: SCO
Type: UNKNOWN
SCOSA-2006.16

Source: CCN
Type: cURL Web site
cURL and libcurl

Source: CCN
Type: Security Advisory December 7th 2005
libcurl URL Buffer Overflow Vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://curl.haxx.se/docs/adv_20051207.html

Source: MITRE
Type: CNA
CVE-2005-4077

Source: CCN
Type: Apple Web site
About Security Update 2008-002

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=307562

Source: CCN
Type: Apple Security Update 2006-003
About Security Update 2006-003

Source: APPLE
Type: UNKNOWN
APPLE-SA-2006-05-11

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-03-18

Source: CCN
Type: OpenOffice.org qa ISSUE 59032
curl heap overflow

Source: MISC
Type: UNKNOWN
http://qa.openoffice.org/issues/show_bug.cgi?id=59032

Source: CCN
Type: RHSA-2005-875
curl security update

Source: CCN
Type: SA17907
cURL/libcURL URL Parsing Off-By-One Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
17907

Source: SECUNIA
Type: Vendor Advisory
17960

Source: SECUNIA
Type: Vendor Advisory
17961

Source: SECUNIA
Type: Vendor Advisory
17965

Source: SECUNIA
Type: Vendor Advisory
17977

Source: SECUNIA
Type: Vendor Advisory
18105

Source: SECUNIA
Type: Vendor Advisory
18188

Source: SECUNIA
Type: Vendor Advisory
18336

Source: CCN
Type: SA19261
OpenOffice cURL/libcURL URL Parsing Off-By-One Vulnerability

Source: SECUNIA
Type: Vendor Advisory
19261

Source: SECUNIA
Type: Vendor Advisory
19433

Source: SECUNIA
Type: Vendor Advisory
19457

Source: CCN
Type: SA20077
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
20077

Source: CCN
Type: ASA-2006-084
UnixWare libcurl URL Parsing Vulnerability (SCOSA-2006.16)

Source: DEBIAN
Type: UNKNOWN
DSA-919

Source: DEBIAN
Type: DSA-919
curl -- buffer overflow

Source: CCN
Type: GLSA-200512-09
cURL: Off-by-one errors in URL handling

Source: GENTOO
Type: UNKNOWN
GLSA-200512-09

Source: CCN
Type: GLSA-200603-25
OpenOffice.org: Heap overflow in included libcurl

Source: GENTOO
Type: UNKNOWN
GLSA-200603-25

Source: CCN
Type: Hardened-PHP Project Security Advisory 24/2005
libcurl URL parsing vulnerability

Source: MISC
Type: Patch, Vendor Advisory
http://www.hardened-php.net/advisory_242005.109.html

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:224

Source: CCN
Type: OpenPKG-SA-2005.028
curl

Source: CCN
Type: fedora-announce-list Mailing List, Thu, 8 Dec 2005 15:54:10 -0500
[SECURITY] Fedora Core 4 Update: curl-7.13.1-4.fc4

Source: FEDORA
Type: UNKNOWN
FEDORA-2005-1129

Source: REDHAT
Type: UNKNOWN
RHSA-2005:875

Source: BUGTRAQ
Type: UNKNOWN
20051207 Advisory 24/2005: libcurl URL parsing vulnerability

Source: BID
Type: Patch
15756

Source: CCN
Type: BID-15756
cURL / libcURL URL Parser Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
17951

Source: CCN
Type: BID-17951
Apple Mac OS X Security Update 2006-003 Multiple Vulnerabilities

Source: CCN
Type: Trustix Secure Linux Security Advisory #2005-0072
cups, curl - Multiple vulnerabilities

Source: TRUSTIX
Type: UNKNOWN
TSLSA-2005-0072

Source: CCN
Type: USN-228-1
curl library vulnerability

Source: CERT
Type: US Government Resource
TA06-132A

Source: VUPEN
Type: Vendor Advisory
ADV-2005-2791

Source: VUPEN
Type: Vendor Advisory
ADV-2006-0960

Source: VUPEN
Type: Vendor Advisory
ADV-2006-1779

Source: VUPEN
Type: Vendor Advisory
ADV-2008-0924

Source: XF
Type: UNKNOWN
curl-url-parser-bo(23538)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10855

Source: UBUNTU
Type: UNKNOWN
USN-228-1

Vulnerable Configuration:Configuration 1:
  • cpe:/a:daniel_stenberg:curl:7.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:daniel_stenberg:curl:7.12:*:*:*:*:*:*:*
  • OR cpe:/a:daniel_stenberg:curl:7.12.1:*:*:*:*:*:*:*
  • OR cpe:/a:daniel_stenberg:curl:7.12.2:*:*:*:*:*:*:*
  • OR cpe:/a:daniel_stenberg:curl:7.12.3:*:*:*:*:*:*:*
  • OR cpe:/a:daniel_stenberg:curl:7.13:*:*:*:*:*:*:*
  • OR cpe:/a:daniel_stenberg:curl:7.13.1:*:*:*:*:*:*:*
  • OR cpe:/a:daniel_stenberg:curl:7.13.2:*:*:*:*:*:*:*
  • OR cpe:/a:daniel_stenberg:curl:7.14:*:*:*:*:*:*:*
  • OR cpe:/a:daniel_stenberg:curl:7.14.1:*:*:*:*:*:*:*
  • OR cpe:/a:daniel_stenberg:curl:7.15:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20054077 | V | CVE-2005-4077 | 2015-11-16
    oval:org.mitre.oval:def:10855 | V | Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string. | 2013-04-29
    oval:org.debian:def:919 | V | buffer overflow | 2013-01-21
    oval:com.redhat.rhsa:def:20050875 | P | RHSA-2005:875: curl security update (Moderate) | 2005-12-20
    daniel_stenberg curl 7.11.2
    daniel_stenberg curl 7.12
    daniel_stenberg curl 7.12.1
    daniel_stenberg curl 7.12.2
    daniel_stenberg curl 7.12.3
    daniel_stenberg curl 7.13
    daniel_stenberg curl 7.13.1
    daniel_stenberg curl 7.13.2
    daniel_stenberg curl 7.14
    daniel_stenberg curl 7.14.1
    daniel_stenberg curl 7.15