PT-2000-1883 · Curl · Curl+1
Published: 2000-10-13 · Updated: 2018-05-03 · CVE-2000-0973
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
curl versions earlier than 6.0-1.1
curl-ssl versions earlier than 6.0-1.2
Description
The issue allows remote attackers to execute arbitrary commands. When an operation fails, curl stores the FTP server's error message without checking its length, so a malicious FTP server can return a long error message that overflows a stack-based buffer in curl.
Recommendations
For curl versions earlier than 6.0-1.1, update to version 6.0-1.1 or later.
For curl-ssl versions earlier than 6.0-1.2, update to version 6.0-1.2 or later.
Exploit
Fix
Stack Overflow
Weakness Enumeration
Related identifiers
Affected products
Curl
Curl-Ssl