{"id":"CURL-CVE-2005-0490","summary":"Authentication Buffer Overflows","details":"Due to bad usage of the base64 decode function to a stack-based buffer without\nchecking the data length, it was possible for a malicious HTTP server to\noverflow the client during NTLM negotiation and for an FTP server to overflow\nthe client during krb4 negotiation. The\n[announcement](http://www.idefense.com/application/poi/display?id=202) of this\nflaw was done without contacting us.","aliases":["CVE-2005-0490"],"modified":"2026-04-25T16:17:55.546581Z","published":"2005-02-21T08:00:00Z","database_specific":{"URL":"https://curl.se/docs/CVE-2005-0490.json","severity":"High","last_affected":"7.13.0","affects":"both","www":"https://curl.se/docs/CVE-2005-0490.html","CWE":{"id":"CWE-121","desc":"Stack-based Buffer Overflow"},"package":"curl"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.3"},{"fixed":"7.13.1"}]}],"versions":["7.13.0","7.12.3","7.12.2","7.12.1","7.12.0","7.11.2","7.11.1","7.11.0","7.10.8","7.10.7","7.10.6","7.10.5","7.10.4","7.10.3","7.10.2","7.10.1","7.10","7.9.8","7.9.7","7.9.6","7.9.5","7.9.4","7.9.3","7.9.2","7.9.1","7.9","7.8.1","7.8","7.7.3","7.7.2","7.7.1","7.7","7.6.1","7.6","7.5.2","7.5.1","7.5","7.4.2","7.4.1","7.4","7.3"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2005-0490.json"}}],"schema_version":"1.7.5","credits":[{"name":"unknown","type":"FINDER"}]}