cURL - NTLM Authentication Buffer Overflow

Date: February 21, 2005
ID: BID 12615, CAN-2005-0490
Affected versions: 7.10.6 to and including 7.13.0
Not affected versions: 7.13.1 and later
Advisories: iDEFENSE's advisory

The base64 decode function was used to write into a stack-based buffer without checking the length of the data, so a malicious HTTP server could overflow that buffer in the client during NTLM negotiation. The announcement was made without contacting us.
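The missing length check, shown as an added example; this is not code from curl or from the advisory. The names `b64_decode_bounded`, `decode_ntlm_message` and `NTLM_BUF_SIZE`, and the 256-byte buffer size, are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define NTLM_BUF_SIZE 256  /* assumed size of the fixed stack buffer */

/* Map one base64 character to its 6-bit value, or -1 if invalid. */
static int b64_val(char c)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* Decode src into dst, never writing more than dstcap bytes.
   Returns 0 on success, -1 on malformed input, -2 if dst is too small. */
int b64_decode_bounded(const char *src, unsigned char *dst,
                       size_t dstcap, size_t *outlen)
{
    size_t len = strlen(src), pad = 0, need, i, o = 0;
    if (len == 0 || len % 4 != 0)
        return -1;
    if (src[len - 1] == '=') pad++;
    if (src[len - 2] == '=') pad++;
    need = len / 4 * 3 - pad;   /* decoded size, known before any write */
    if (need > dstcap)          /* the check the advisory says was missing */
        return -2;
    for (i = 0; i < len; i += 4) {
        unsigned long v = 0;
        for (int j = 0; j < 4; j++) {
            /* trailing '=' count as zero bits; '=' anywhere else is invalid */
            int d = (i + j >= len - pad) ? 0 : b64_val(src[i + j]);
            if (d < 0)
                return -1;
            v = (v << 6) | (unsigned long)d;
        }
        if (o < need) dst[o++] = (unsigned char)(v >> 16);
        if (o < need) dst[o++] = (unsigned char)(v >> 8);
        if (o < need) dst[o++] = (unsigned char)v;
    }
    *outlen = o;
    return 0;
}

/* Hypothetical caller: decode a server-supplied message into a stack buffer. */
int decode_ntlm_message(const char *b64, size_t *outlen)
{
    unsigned char buf[NTLM_BUF_SIZE];
    return b64_decode_bounded(b64, buf, sizeof buf, outlen);
}
```

The decoded size is computed from the encoded length before the first byte is written, so server-supplied data larger than the buffer is rejected instead of truncated or copied.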