CVE-2005-0490

Name: CVE-2005-0490
Creator: NVD / NIST
Published: 2005-05-02T04:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 5.73%

Last modified Jun 16, 2026

CVE-2005-0490 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.. EPSS estimates a 5.73% chance of exploitation in the next 30 days.

Description

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

5.73%

92.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-131

Affected Software

Vendor	Product	Versions
Haxx	Curl	7.12.1
Haxx	Libcurl	7.12.1

References

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000940Broken Link, Patch, Vendor Advisory
http://marc.info/?l=full-disclosure&m=110959085507755&w=2Mailing List, Patch
http://www.gentoo.org/security/en/glsa/glsa-200503-20.xmlThird Party Advisory
http://www.idefense.com/application/poi/display?id=202&type=vulnerabilitiesBroken Link, Vendor Advisory
http://www.idefense.com/application/poi/display?id=203&type=vulnerabilitiesBroken Link, Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:048Third Party Advisory
http://www.novell.com/linux/security/advisories/2005_11_curl.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2005-340.htmlBroken Link
http://www.securityfocus.com/bid/12615Broken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/12616Broken Link, Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/19423Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10273Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000940Broken Link, Patch, Vendor Advisory
http://marc.info/?l=full-disclosure&m=110959085507755&w=2Mailing List, Patch
http://www.gentoo.org/security/en/glsa/glsa-200503-20.xmlThird Party Advisory
http://www.idefense.com/application/poi/display?id=202&type=vulnerabilitiesBroken Link, Vendor Advisory
http://www.idefense.com/application/poi/display?id=203&type=vulnerabilitiesBroken Link, Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:048Third Party Advisory
http://www.novell.com/linux/security/advisories/2005_11_curl.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2005-340.htmlBroken Link
http://www.securityfocus.com/bid/12615Broken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/12616Broken Link, Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/19423Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10273Broken Link

Timeline

Published: May 2, 2005
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2005-0490?

How severe is CVE-2005-0490?

CVE-2005-0490 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 5.73% probability of exploitation in the next 30 days.

How do I fix CVE-2005-0490?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2005-0490?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST