Summary: URL decode buffer overflow
Date: 2004-08-26
CVE Number: CVE-2004-0785
Discovered By: Sean (infamous42md)
Fixed In Release: 0.82


Buffer overflow. The URL is decoded into a static buffer of length 2048 bytes. I’m not sure it’s possible to receive a URL longer than 2048 bytes, as many protocols have message limits that are shorter than that.


A check to make sure the source string is shorter than 2048 bytes is performed.
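The length check described above, sketched as an added example (this is not the project's own code; `url_decode_checked`, `accepts_length` and `DECODE_BUF_LEN` are hypothetical names, and the filler input is constructed):

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DECODE_BUF_LEN 2048 /* buffer size stated in the advisory */

/* Hypothetical decoder: expands %XX escapes into a static buffer.
 * Returns NULL when the input cannot fit (the check the fix describes). */
const char *url_decode_checked(const char *src)
{
    static char buf[DECODE_BUF_LEN];
    size_t i, j = 0;

    /* Output is never longer than input, so bounding strlen(src) bounds every
     * write to buf, NUL included. Without it, longer input overruns buf. */
    if (src == NULL || strlen(src) >= DECODE_BUF_LEN)
        return NULL;

    for (i = 0; src[i] != '\0'; i++) {
        if (src[i] == '%' && isxdigit((unsigned char)src[i + 1]) &&
            isxdigit((unsigned char)src[i + 2])) {
            char hex[3] = { src[i + 1], src[i + 2], '\0' };
            buf[j++] = (char)strtol(hex, NULL, 16);
            i += 2;
        } else {
            buf[j++] = src[i]; /* literal byte or malformed escape, copied */
        }
    }
    buf[j] = '\0';
    return buf;
}

/* Constructed input of n filler bytes; returns 1 if the decoder accepted it. */
int accepts_length(size_t n)
{
    static char s[4096];
    if (n >= sizeof s) return 0;
    memset(s, 'A', n);
    s[n] = '\0';
    return url_decode_checked(s) != NULL;
}

int main(void)
{
    printf("%s\n", url_decode_checked("a%20b%2Fc"));
    printf("2047:%d 2048:%d\n", accepts_length(2047), accepts_length(2048));
    return 0;
}
```

The comparison is `>=` rather than `>` because a 2048-byte source would leave no room for the terminating NUL.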
