cURL / libcURL NTLM Authentication Buffer Overflow Vulnerability

It has been reported that cURL and libcURL are vulnerable to a remotely exploitable stack-based buffer overflow vulnerability. The cURL and libcURL NTML response processing code fails to ensure that a buffer overflow cannot occur when response data is decoded.

The overflow occurs in the stack region, and remote code execution is possible if the saved instruction pointer is overwritten with a pointer to embedded instructions.


Privacy Statement
Copyright 2010, SecurityFocus