CVE-2005-3185

Name	CVE-2005-3185
Description	Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-919-2
Debian Bugs	333734

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
curl (PTS)	jessie, jessie (lts)	7.38.0-4+deb8u28	fixed
	stretch (security)	7.52.1-5+deb9u16	fixed
	stretch (lts), stretch	7.52.1-5+deb9u22	fixed
	buster, buster (lts)	7.64.0-4+deb10u10	fixed
	buster (security)	7.64.0-4+deb10u9	fixed
	bullseye	7.74.0-1.3+deb11u13	fixed
	bullseye (security)	7.74.0-1.3+deb11u14	fixed
	bookworm	7.88.1-10+deb12u8	fixed
	bookworm (security)	7.88.1-10+deb12u5	fixed
	sid, trixie	8.11.0-1	fixed
wget (PTS)	jessie, jessie (lts)	1.16-1+deb8u7	fixed
	stretch (security), stretch (lts), stretch	1.18-5+deb9u3	fixed
	buster	1.20.1-1.1	fixed
	bullseye	1.21-1+deb11u1	fixed
	bookworm	1.21.3-1	fixed
	sid, trixie	1.24.5-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
curl	source	woody	7.9.5-1woody2		DSA-919-2
curl	source	sarge	7.13.2-2sarge5		DSA-919-2
curl	source	(unstable)	7.15.0-1	medium		333734
wget	source	woody	(not affected)
wget	source	sarge	(not affected)
wget	source	(unstable)	1.10.2-1	medium

[sarge] - wget <not-affected> (Does not contain NTML authentication code)
[woody] - wget <not-affected> (Does not contain NTML authentication code)