cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: libcurl NTLM Buffer Overflow Vulnerability

From: Gerd v. Egidy <lists_at_egidy.de>
Date: Fri, 14 Oct 2005 10:24:15 +0200

> libcurl NTLM Buffer Overflow Vulnerability
> ==========================================
>
> Project cURL Security Advisory, October 13th 2005
> http://curl.haxx.se/docs/security.html
>
> 1. VULNERABILITY
>
> libcurl's NTLM function can overflow a stack-based buffer if given a too
> long user name or domain name. This would happen if you enable NTLM
> authentication and either:

do you have a CVE number for this?

Kind regards,

Gerd
Received on 2005-10-14

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: libcurl NTLM Buffer Overflow Vulnerability"
Previous message: Daniel Stenberg: "Re: Fw: 64 vs 32 bits (was Re: (no subject))"
In reply to: Daniel Stenberg: "libcurl NTLM Buffer Overflow Vulnerability"
Next in thread: Daniel Stenberg: "Re: libcurl NTLM Buffer Overflow Vulnerability"
Reply: Daniel Stenberg: "Re: libcurl NTLM Buffer Overflow Vulnerability"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]