Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.
CVE-2005-4077
NONECVSS 0.0
0.0
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
- No confirmed exploitation signals yet
CISA-KEV: Not listedEPSS: 1%CVSS: —Exploit: NoneExposed: 0
A fix is available — apply it.
- CVSS v3
- —
- EG Score
- 0.0(none)
- EPSS
- 40.3%
- KEV
- Not listed
Published
December 8, 2005
Last Modified
April 16, 2026
References (72)
- cve@mitreftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16/SCOSA-2006.16.txt
- cve@mitrehttp://curl.haxx.se/docs/adv_20051207.html
- cve@mitrehttp://docs.info.apple.com/article.html?artnum=307562
- cve@mitrehttp://lists.apple.com/archives/security-announce/2006/May/msg00003.html
- cve@mitrehttp://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- cve@mitrehttp://qa.openoffice.org/issues/show_bug.cgi?id=59032
- cve@mitrehttp://secunia.com/advisories/17907
- cve@mitrehttp://secunia.com/advisories/17960
- cve@mitrehttp://secunia.com/advisories/17961
- cve@mitrehttp://secunia.com/advisories/17965
- cve@mitrehttp://secunia.com/advisories/17977
- cve@mitrehttp://secunia.com/advisories/18105
- cve@mitrehttp://secunia.com/advisories/18188
- cve@mitrehttp://secunia.com/advisories/18336
- cve@mitrehttp://secunia.com/advisories/19261
Frequently asked(4)
What is CVE-2005-4077?
CVE-2005-4077 is a none vulnerability published on December 8, 2005. Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to…
When was CVE-2005-4077 disclosed?
CVE-2005-4077 was first published in the National Vulnerability Database on December 8, 2005, with the most recent update on April 16, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2005-4077 actively exploited?
CVE-2005-4077 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 40.3% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
How do I remediate CVE-2005-4077?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2005-4077, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2005-4077
Is Your Infrastructure Affected by CVE-2005-4077?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.