Curl · Libcurl · CVE-2017-1000257
**Name of the Vulnerable Software and Affected Versions**
libcurl (affected versions not specified)
**Description**
The issue arises when an IMAP FETCH response line indicates that the returned data is zero bytes long. In this case, libcurl passes the nonexistent data, as a pointer and a size of zero, to its deliver-data function. That function treats a size of zero as a magic number and calls strlen() on the data to determine its length. However, strlen() is then called on a heap-based buffer that might not be zero-terminated, which can cause libcurl to read beyond the end of the buffer into adjacent memory, or to crash. As a result, libcurl may deliver the incorrectly read data to the application as if it had actually been downloaded.
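The pattern described above, shown next to a hardened form, as an added example that is not libcurl's own code. The names `sink`, `deliver_magic_zero`, `deliver_explicit` and `run` are hypothetical, and the FETCH line and buffer contents are constructed sample data.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical sink standing in for an application write callback:
   it only records how many bytes it was handed. */
static size_t delivered;
static void sink(const char *p, size_t n) { (void)p; delivered += n; }

/* Pattern described above: len == 0 is a magic value meaning
   "data is a C string, measure it with strlen()". */
static void deliver_magic_zero(const char *data, size_t len)
{
    if (len == 0)
        len = strlen(data);   /* wrong for a genuinely empty body */
    sink(data, len);
}

/* Hardened form: the length is always explicit; zero means zero. */
static void deliver_explicit(const char *data, size_t len)
{
    if (len == 0)
        return;               /* nothing to deliver */
    sink(data, len);
}

/* Constructed receive buffer: a FETCH line announcing a {0} literal,
   followed by stale bytes left over from earlier use of the buffer.
   A NUL ends the allocation so this demo itself stays in bounds;
   in the flaw described above no such terminator is guaranteed. */
static size_t run(void (*deliver)(const char *, size_t))
{
    static const char line[] = "* 1 FETCH (BODY[TEXT] {0}\r\n";
    static const char stale[] = "STALE-HEAP-BYTES";
    size_t line_len = sizeof(line) - 1;
    char *buf = malloc(line_len + sizeof(stale));
    if (!buf) return (size_t)-1;
    memcpy(buf, line, line_len);
    memcpy(buf + line_len, stale, sizeof(stale)); /* copies the NUL too */
    delivered = 0;
    deliver(buf + line_len, 0);   /* body pointer, announced size 0 */
    free(buf);
    return delivered;
}

int main(void)
{
    return (run(deliver_magic_zero) == 16 && run(deliver_explicit) == 0) ? 0 : 1;
}
```

With the magic-zero convention the application receives 16 bytes it never downloaded; with an explicit length it receives none.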
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.