PT-2005-1095 · Curl+1 · Libcurl+1
Stefan Esser · Published 2005-12-07 · Updated 2018-10-19 · CVE-2005-4077
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
libcurl versions 7.11.2 through 7.15.0
Description
The issue is caused by multiple off-by-one errors in the cURL library, allowing local users to trigger a buffer overflow and cause a denial of service or bypass security restrictions via certain malformed URLs. These URLs can be crafted to prevent a terminating null byte from being added to either a hostname or path buffer, or contain a "?" separator in the hostname portion. The vulnerability can lead to a heap-based buffer overflow in two ways: when a URL with no protocol prefix and no slash is 256 bytes or longer, and when a URL with only a question mark as a separator between the host and query part is used. This can result in a single zero byte overflow of the heap buffer.
Recommendations
For libcurl versions 7.11.2 through 7.15.0, update to a version newer than 7.15.0 to resolve the issue. As a temporary workaround, consider validating and sanitizing user-provided URLs before passing them to libcurl to minimize the risk of exploitation. Avoid using URLs with no protocol prefix or those containing a "?" separator in the hostname portion until the issue is resolved.
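The pre-validation workaround described above could look like the following C check, which is an added example and not code from libcurl or from this advisory. The function and enum names are hypothetical, and the check is deliberately stricter than the two conditions in the description: it assumes the application can require a scheme prefix and a "/" after the host on every URL.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum url_check {
    URL_OK = 0,
    URL_NULL_OR_EMPTY,
    URL_NO_SCHEME,        /* no "scheme://" prefix */
    URL_EMPTY_HOST,
    URL_NO_PATH_SLASH,    /* nothing but the host after the scheme */
    URL_QUERY_IN_HOST     /* '?' appears before the first '/' */
};

/* Reject the URL shapes named in the advisory before they reach libcurl. */
enum url_check check_url_shape(const char *url)
{
    if (url == NULL || *url == '\0')
        return URL_NULL_OR_EMPTY;

    /* Require a scheme that starts with a letter and ends in "://". */
    const char *p = url;
    if (!isalpha((unsigned char)*p))
        return URL_NO_SCHEME;
    while (isalnum((unsigned char)*p) || *p == '+' || *p == '-' || *p == '.')
        p++;
    if (strncmp(p, "://", 3) != 0)
        return URL_NO_SCHEME;

    const char *host = p + 3;
    size_t host_len = strcspn(host, "/?");   /* host ends at first '/' or '?' */
    if (host_len == 0)
        return URL_EMPTY_HOST;
    if (host[host_len] == '?')
        return URL_QUERY_IN_HOST;            /* "host?query" with no slash */
    if (host[host_len] == '\0')
        return URL_NO_PATH_SLASH;
    return URL_OK;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "http://example.com/a?b=1", "example.com",
                              "http://example.com?b=1", "http://example.com" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d  %s\n", check_url_shape(samples[i]), samples[i]);
    return 0;
}
```

Only URLs that return URL_OK should be handed to the affected libcurl versions; the check narrows exposure until the library is updated and does not replace the update.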
Fix
DoS
Heap Based Buffer Overflow
Related identifiers
Affected products
Red Hat
Libcurl