PublicDate: 2005-12-08 01:03:00 UTC
Candidate: CVE-2005-4077
References:
 https://ubuntu.com/security/notices/USN-228-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077
Description:
 Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through
 7.15.0 allow local users to trigger a buffer overflow and cause a denial of
 service or bypass PHP security restrictions via certain URLs that (1) are
 malformed in a way that prevents a terminating null byte from being added
 to either a hostname or path buffer, or (2) contain a "?"  separator in the
 hostname portion, which causes a "/" to be prepended to the resulting
 string.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_curl: released (7.15.1-1ubuntu2.1)
edgy_curl: released (7.15.4-1ubuntu2.2)
feisty_curl: released (7.15.5-1ubuntu2.1)
devel_curl: released (7.16.4-2ubuntu1)
upstream_curl: needs-triage