Search for vulnerabilities
Vulnerability details: VCID-jp2s-9ame-aaac
Vulnerability ID VCID-jp2s-9ame-aaac
Aliases CVE-2005-3185
Summary Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-121 Stack-based Buffer Overflow
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2005:812
epss 0.01724 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.01724 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.01724 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.01724 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.04852 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.05123 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
epss 0.12527 https://api.first.org/data/v1/epss?cve=CVE-2005-3185
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1617794
cvssv3.1 High https://curl.se/docs/CVE-2005-3185.html
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2005-3185
Reference id Reference type URL
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt
http://docs.info.apple.com/article.html?artnum=302847
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3185.json
https://api.first.org/data/v1/epss?cve=CVE-2005-3185
https://curl.se/docs/CVE-2005-3185.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
http://secunia.com/advisories/17192
http://secunia.com/advisories/17193
http://secunia.com/advisories/17203
http://secunia.com/advisories/17208
http://secunia.com/advisories/17228
http://secunia.com/advisories/17247
http://secunia.com/advisories/17297
http://secunia.com/advisories/17320
http://secunia.com/advisories/17400
http://secunia.com/advisories/17403
http://secunia.com/advisories/17485
http://secunia.com/advisories/17813
http://secunia.com/advisories/17965
http://secunia.com/advisories/19193
http://securityreason.com/securityalert/82
http://securitytracker.com/id?1015056
http://securitytracker.com/id?1015057
https://exchange.xforce.ibmcloud.com/vulnerabilities/22721
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.519010
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9810
https://usn.ubuntu.com/205-1/
http://www.debian.org/security/2005/dsa-919
http://www.gentoo.org/security/en/glsa/glsa-200510-19.xml
http://www.idefense.com/application/poi/display?id=322&type=vulnerabilities
http://www.mandriva.com/security/advisories?name=MDKSA-2005:182
http://www.novell.com/linux/security/advisories/2005_63_wget_curl.html
http://www.osvdb.org/20011
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html
http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00055.html
http://www.redhat.com/support/errata/RHSA-2005-807.html
http://www.redhat.com/support/errata/RHSA-2005-812.html
http://www.securityfocus.com/bid/15102
http://www.securityfocus.com/bid/15647
http://www.vupen.com/english/advisories/2005/2088
http://www.vupen.com/english/advisories/2005/2125
http://www.vupen.com/english/advisories/2005/2659
1617794 https://bugzilla.redhat.com/show_bug.cgi?id=1617794
333734 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333734
cpe:2.3:a:curl:curl:7.13.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:curl:curl:7.13.2:*:*:*:*:*:*:*
cpe:2.3:a:libcurl:libcurl:7.13.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libcurl:libcurl:7.13.2:*:*:*:*:*:*:*
cpe:2.3:a:wget:wget:1.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wget:wget:1.10:*:*:*:*:*:*:*
CVE-2005-3185 https://nvd.nist.gov/vuln/detail/CVE-2005-3185
GLSA-200510-19 https://security.gentoo.org/glsa/200510-19
RHSA-2005:807 https://access.redhat.com/errata/RHSA-2005:807
RHSA-2005:812 https://access.redhat.com/errata/RHSA-2005:812
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2005-3185
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.87524
EPSS Score 0.01724
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.