Search for vulnerabilities
Vulnerability details: VCID-az1b-d1vn-aaah
Vulnerability ID VCID-az1b-d1vn-aaah
Aliases CVE-2005-4077
Summary Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-189 Numeric Errors
CWE-122 Heap-based Buffer Overflow
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2005:875
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
epss 0.00226 https://api.first.org/data/v1/epss?cve=CVE-2005-4077
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1617850
cvssv3.1 High https://curl.se/docs/CVE-2005-4077.html
cvssv2 4.6 https://nvd.nist.gov/vuln/detail/CVE-2005-4077
Reference id Reference type URL
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16/SCOSA-2006.16.txt
http://curl.haxx.se/docs/adv_20051207.html
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://qa.openoffice.org/issues/show_bug.cgi?id=59032
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4077.json
https://api.first.org/data/v1/epss?cve=CVE-2005-4077
https://curl.se/docs/CVE-2005-4077.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077
http://secunia.com/advisories/17907
http://secunia.com/advisories/17960
http://secunia.com/advisories/17961
http://secunia.com/advisories/17965
http://secunia.com/advisories/17977
http://secunia.com/advisories/18105
http://secunia.com/advisories/18188
http://secunia.com/advisories/18336
http://secunia.com/advisories/19261
http://secunia.com/advisories/19433
http://secunia.com/advisories/19457
http://secunia.com/advisories/20077
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10855
https://usn.ubuntu.com/228-1/
http://www.debian.org/security/2005/dsa-919
http://www.gentoo.org/security/en/glsa/glsa-200512-09.xml
http://www.gentoo.org/security/en/glsa/glsa-200603-25.xml
http://www.hardened-php.net/advisory_242005.109.html
http://www.mandriva.com/security/advisories?name=MDKSA-2005:224
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html
http://www.redhat.com/support/errata/RHSA-2005-875.html
http://www.securityfocus.com/archive/1/418849/100/0/threaded
http://www.securityfocus.com/bid/15756
http://www.securityfocus.com/bid/17951
http://www.trustix.org/errata/2005/0072/
http://www.us-cert.gov/cas/techalerts/TA06-132A.html
http://www.vupen.com/english/advisories/2005/2791
http://www.vupen.com/english/advisories/2006/0960
http://www.vupen.com/english/advisories/2006/1779
http://www.vupen.com/english/advisories/2008/0924/references
1617850 https://bugzilla.redhat.com/show_bug.cgi?id=1617850
342339 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342339
cpe:2.3:a:daniel_stenberg:curl:7.11.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:daniel_stenberg:curl:7.11.2:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:daniel_stenberg:curl:7.12:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.12.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:daniel_stenberg:curl:7.12.1:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.12.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:daniel_stenberg:curl:7.12.2:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.12.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:daniel_stenberg:curl:7.12.3:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:daniel_stenberg:curl:7.13:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:daniel_stenberg:curl:7.13.1:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.13.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:daniel_stenberg:curl:7.13.2:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:daniel_stenberg:curl:7.14:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.14.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:daniel_stenberg:curl:7.14.1:*:*:*:*:*:*:*
cpe:2.3:a:daniel_stenberg:curl:7.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:daniel_stenberg:curl:7.15:*:*:*:*:*:*:*
CVE-2005-4077 https://nvd.nist.gov/vuln/detail/CVE-2005-4077
GLSA-200512-09 https://security.gentoo.org/glsa/200512-09
GLSA-200603-25 https://security.gentoo.org/glsa/200603-25
RHSA-2005:875 https://access.redhat.com/errata/RHSA-2005:875
No exploits are available.
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2005-4077
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.24051
EPSS Score 0.00055
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.