CVE-2005-4077

Name	CVE-2005-4077
Description	Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-919-2
Debian Bugs	342339, 342696

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
curl (PTS)	jessie, jessie (lts)	7.38.0-4+deb8u28	fixed
	stretch (security)	7.52.1-5+deb9u16	fixed
	stretch (lts), stretch	7.52.1-5+deb9u22	fixed
	buster, buster (lts)	7.64.0-4+deb10u10	fixed
	buster (security)	7.64.0-4+deb10u9	fixed
	bullseye	7.74.0-1.3+deb11u13	fixed
	bullseye (security)	7.74.0-1.3+deb11u14	fixed
	bookworm	7.88.1-10+deb12u8	fixed
	bookworm (security)	7.88.1-10+deb12u5	fixed
	sid, trixie	8.11.0-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
curl	source	woody	7.9.5-1woody2		DSA-919-2
curl	source	sarge	7.13.2-2sarge5		DSA-919-2
curl	source	(unstable)	7.15.1-1	medium		342339, 342696