curl Security

We take security seriously and develop curl and libcurl to be secure and safe. If you find or simply suspect a security problem in curl or libcurl, mail us at curl-security at haxx.se (a closed list of recipients; mails are not disclosed) and tell us about it. We appreciate being notified in advance, before you go public with a security advisory, for the sake of our users.

libcurl URL Buffer Overflow

libcurl's URL parser function can overflow a malloc'ed buffer in two ways if given a too-long URL.

libcurl NTLM Buffer Overflow

libcurl's NTLM function can overflow a stack-based buffer if given a too-long user name or domain name. This would happen if you enable NTLM authentication and either:

There is no known exploit or malicious server at the time of this writing. The notification mail to us about this flaw was also sent to a public wget mailing list and thus became public immediately.

Kerberos Authentication Buffer Overflow

Date: February 21, 2005

Due to bad usage of the base64 decode function into a stack-based buffer without checking the data length, it was possible for a malicious FTP server to overflow the client during krb4 negotiation. I don't know of any single user that uses krb4-ftp and I'm not even sure it still works 100%. The announcement was made without contacting us.

NTLM Authentication Buffer Overflow

Date: February 21, 2005

Due to bad usage of the base64 decode function into a stack-based buffer without checking the data length, it was possible for a malicious HTTP server to overflow the client during NTLM negotiation. The announcement was made without contacting us.

Proxy Authentication Header Information Leakage

Date: August 3, 2003

When curl connected to a site via an HTTP proxy with the CONNECT request, the user name and password used for the proxy connection were also sent to the remote server, so a remote site could collect the proxy credentials.

FTP Server Response Buffer Overflow

ID: BID 1804, CVE-2000-0973
Affected versions: 6.0 (and possibly earlier) to and including 7.4
Not affected versions: 7.4.1 and later

When storing an FTP server's error message on failure, there was no check for input length, and thus a malicious FTP server could overflow curl's stack-based buffer. SecurityFocus lists two exploits.
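The Kerberos, NTLM and FTP-response entries above share one defect: data whose length the server controls is decoded or copied into a fixed-size stack buffer with no capacity check. The following is an added example written for this page, not libcurl's code, showing the hardened shape of that path: a base64 decoder that computes the exact decoded size from the input before writing a single byte and rejects anything that will not fit, a hypothetical challenge handler built on it, and a truncating copy for a server response line. The names b64_decode_bounded, handle_ntlm_challenge, store_ftp_error and decodes_to are this example's own; the sample inputs are constructed (the challenge is the "NTLMSSP" signature followed by a message type of 2).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not libcurl code. The server chooses the length of what we
 * decode or copy, so the destination capacity is checked before any write. */

static int b64val(int c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode base64 text src into dst (capacity dstlen bytes).
 * Returns bytes written, or -1 if src is malformed or would not fit.
 * Nothing is written when the data would not fit. */
long b64_decode_bounded(const char *src, unsigned char *dst, size_t dstlen)
{
    size_t srclen = strlen(src);
    if (srclen % 4 != 0)
        return -1;
    if (srclen == 0)
        return 0;

    /* The decoded size follows from the input length and trailing padding,
     * so the capacity check can be done before the first write. */
    size_t pad = 0;
    if (src[srclen - 1] == '=') pad++;
    if (src[srclen - 2] == '=') pad++;
    size_t need = srclen / 4 * 3 - pad;
    if (need > dstlen)
        return -1;   /* the length check the advisories describe as missing */

    size_t out = 0;
    for (size_t i = 0; i < srclen; i += 4) {
        uint32_t acc = 0;
        int padhere = 0;
        for (int j = 0; j < 4; j++) {
            char c = src[i + j];
            if (c == '=') {
                /* '=' is only legal in the final group, in its last two slots */
                if (i + 4 != srclen || j < 2)
                    return -1;
                padhere++;
                acc <<= 6;
            } else {
                int v = b64val((unsigned char)c);
                if (v < 0 || padhere)   /* bad character, or data after '=' */
                    return -1;
                acc = (acc << 6) | (uint32_t)v;
            }
        }
        unsigned char bytes[3] = { (unsigned char)(acc >> 16),
                                   (unsigned char)(acc >> 8),
                                   (unsigned char)acc };
        for (int k = 0; k < 3 - padhere; k++)
            dst[out++] = bytes[k];   /* out never exceeds need <= dstlen */
    }
    return (long)out;
}

/* Hypothetical handler for a server-sent, base64-encoded challenge. The
 * decoded message lands in a small fixed stack buffer, as in the vulnerable
 * paths above, but an oversized challenge is now a clean rejection.
 * Returns the decoded length, or -1 when rejected. */
long handle_ntlm_challenge(const char *b64_from_server)
{
    unsigned char msg[64];
    long n = b64_decode_bounded(b64_from_server, msg, sizeof msg);
    if (n < 0)
        return -1;
    /* msg[0..n) would be parsed here */
    return n;
}

/* Store a server response line into a fixed buffer, truncating instead of
 * overflowing. Returns 1 if the line was truncated, 0 otherwise. */
int store_ftp_error(const char *line, char *dst, size_t dstlen)
{
    if (dstlen == 0)
        return 1;
    size_t len = strlen(line);
    size_t n = len < dstlen - 1 ? len : dstlen - 1;
    memcpy(dst, line, n);
    dst[n] = '\0';
    return len > n;
}

/* Decode b64 and compare with expect; 1 on match, 0 otherwise. */
int decodes_to(const char *b64, const char *expect)
{
    unsigned char buf[256];
    long n = b64_decode_bounded(b64, buf, sizeof buf);
    return n >= 0 && (size_t)n == strlen(expect) && memcmp(buf, expect, (size_t)n) == 0;
}

char g_ftp_err[16];   /* destination used by the stand-alone run below */

int main(void)
{
    /* Constructed inputs: 88 'A's decode to 66 zero bytes, too many for msg[64]. */
    const char *big = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
                      "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    printf("short challenge -> %ld bytes\n", handle_ntlm_challenge("TlRMTVNTUAACAAAA"));
    printf("oversized challenge -> %ld (rejected)\n", handle_ntlm_challenge(big));
    int t = store_ftp_error("530 Login incorrect", g_ftp_err, sizeof g_ftp_err);
    printf("stored \"%s\", truncated=%d\n", g_ftp_err, t);
    return 0;
}
```

The design point is that the size check happens on the encoded length, before decoding starts, so a hostile server cannot get even a partial write past the end of the buffer; a decoder that checks per output byte is also safe, but one that checks nothing, as the 2005 advisories describe, hands the server control of the stack.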
Page updated December 9, 2005.