PT-2017-10945 · Curl+5 · Libcurl+5
0Xd34Db347
+1
·
Publicado
2017-10-12
·
Atualizado
2026-05-18
·
CVE-2017-1000257
CVSS v3.1
9.1
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
libcurl (affected versions not specified)
Description
The issue arises when an IMAP FETCH response line indicates that the returned data is zero bytes. In this case, libcurl passes on the non-existing data with a pointer and the size (zero) to the deliver-data function. This function treats zero as a magic number and invokes strlen() on the data to figure out the length. However, the strlen() is called on a heap-based buffer that might not be zero-terminated, which can cause libcurl to read beyond the end of the buffer into adjacent memory or crash. As a result, libcurl may deliver the incorrectly read data to the application as if it were actually downloaded.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Over-read
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Alt Linux
Centos
Red Hat
Suse
Ubuntu
Libcurl