
PT-2017-10945
CVSS 9.1
2017-10-12
Curl · Libcurl · CVE-2017-1000257
**Name of the Vulnerable Software and Affected Versions** libcurl (this entry lists no affected versions; upstream's advisory for CVE-2017-1000257 covers libcurl 7.20.0 up to and including 7.56.0, i.e. every release with IMAP support before the fix).

**Description** An IMAP FETCH response line states the size of the returned data as a byte count. When that count is zero, libcurl still hands the (non-existent) data to its deliver-data function as a pointer plus a length of zero. That function treats a length of zero as a magic value meaning "the buffer is a C string" and calls strlen() on the pointer to work out the length itself. The pointer refers to a heap buffer that is not guaranteed to be NUL-terminated, so strlen() can run past the end of the buffer into adjacent memory, either crashing the process or returning a bogus length. libcurl then passes the over-read bytes to the application's write callback as if they were downloaded content, leaking heap memory to whatever consumes the response. A malicious or compromised IMAP server triggers this simply by answering a FETCH with a zero-byte literal; no action by the client user beyond fetching a message is required.

**Recommendations** This entry gives no fixed version. Upstream fixed the issue in curl 7.56.1; users of affected libcurl versions that talk to untrusted IMAP servers should upgrade, and applications that embed libcurl should not rely on the write callback's length for a zero-byte literal until they do.
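The following C program is an added illustration of the mechanism described above; it is not libcurl code and the function names, the FETCH line and the buffer layout are invented for this example. It parses the octet count from an IMAP FETCH response line, then hands the buffer to two "deliver-data" sinks: one that keeps the magic-zero convention (length 0 means "measure with strlen()") and one that treats the caller's byte count as authoritative. The receive buffer is laid out so that the payload bytes are followed, inside the same allocation, by unrelated non-NUL bytes standing in for whatever lives after a real heap buffer, which makes the over-read observable without undefined behaviour.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse the literal size from a line such as "* 1 FETCH (BODY[] {0}\r\n".
 * Returns 0 on success and stores the octet count in *size; returns -1 if the
 * line carries no well-formed "{n}" literal (nothing is written in that case). */
static int parse_fetch_size(const char *line, size_t *size)
{
    const char *open = strchr(line, '{');
    if (!open)
        return -1;
    char *end;
    errno = 0;
    unsigned long long n = strtoull(open + 1, &end, 10);
    if (errno || end == open + 1 || *end != '}')
        return -1;
    *size = (size_t)n;
    return 0;
}

/* Vulnerable sink (hypothetical name): mirrors the magic-zero convention the
 * entry describes. A zero length makes it trust strlen(), which only works if
 * the buffer happens to be NUL-terminated. */
static size_t deliver_magic_zero(const char *data, size_t len)
{
    if (len == 0)
        len = strlen(data);   /* walks past the payload if no NUL follows it */
    return len;               /* number of bytes handed to the application */
}

/* Hardened sink (hypothetical name): the explicit byte count is the only source
 * of truth; a zero-byte literal delivers nothing. */
static size_t deliver_explicit(const char *data, size_t len)
{
    (void)data;
    return len;
}

/* Run one FETCH line through a sink and return how many bytes it would deliver.
 * Constructed layout: 4 payload bytes ('A'), then 12 "neighbour" bytes ('X')
 * that model adjacent heap memory, then a NUL so the demonstration terminates. */
static size_t bytes_delivered(const char *line,
                              size_t (*sink)(const char *, size_t))
{
    enum { PAYLOAD = 4, NEIGHBOUR = 12 };
    char *buf = malloc(PAYLOAD + NEIGHBOUR + 1);
    if (!buf)
        return (size_t)-1;
    memset(buf, 'A', PAYLOAD);
    memset(buf + PAYLOAD, 'X', NEIGHBOUR);
    buf[PAYLOAD + NEIGHBOUR] = '\0';

    size_t size = 0;
    size_t out = 0;
    if (parse_fetch_size(line, &size) == 0 && size <= PAYLOAD)
        out = sink(buf, size);
    free(buf);
    return out;
}

int main(void)
{
    /* Constructed server responses: a zero-byte literal and a 4-byte literal. */
    const char *zero = "* 1 FETCH (BODY[] {0}\r\n";
    const char *four = "* 1 FETCH (BODY[] {4}\r\n";
    printf("{0} magic-zero sink delivers %zu bytes (payload was 0)\n",
           bytes_delivered(zero, deliver_magic_zero));
    printf("{0} explicit sink delivers %zu bytes\n",
           bytes_delivered(zero, deliver_explicit));
    printf("{4} magic-zero sink delivers %zu bytes\n",
           bytes_delivered(four, deliver_magic_zero));
    printf("{4} explicit sink delivers %zu bytes\n",
           bytes_delivered(four, deliver_explicit));
    return 0;
}
```

With the zero-byte literal the magic-zero sink reports 16 bytes, the 4 payload bytes plus the 12 neighbour bytes it read past the end, and would hand all of them to the application; the explicit sink reports 0. For a non-zero literal both sinks agree, which is why the bug only surfaces on the `{0}` edge case. The defensive rule this illustrates is the general one: a length parameter should never double as a mode flag, and a sink that receives an explicit byte count must not re-derive it from the buffer contents.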