Bug 174476
| Summary: | CAN-2005-3185 WGet/Curl NTLM Username Buffer Overflow | ||
|---|---|---|---|
| Product: | [Retired] Fedora Legacy | Reporter: | John Dalbec <jpdalbec> |
| Component: | curl | Assignee: | Fedora Legacy Bugs <bugs> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rhl7.3 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| URL: | http://www.securityfocus.com/bid/15102 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-08-30 19:57:26 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
John Dalbec
2005-11-29 14:04:03 UTC
05.49.13 CVE: CVE-2005-0490 Platform: Unix Title: cURL / libcURL URL Parser Buffer Overflow Description: cURL is a utility for retrieving remote content from servers over a number of protocols. libcURL provides this functionality to applications, as a shared library. cURL and libcURL are prone to a buffer overflow vulnerability. The issues occur when the URL parser function handles an excessively long URL string and is caused by two separate errors. An attacker can exploit these issues to crash the affected library, effectively denying service. Ref: http://curl.haxx.se/docs/adv_20051207.html Fedora Legacy project has ended. These will not be fixed by Fedora Legacy. |