PT-2017-10945 · Curl+5 · Libcurl+5

0Xd34Db347

Published

2017-10-12

Updated

2026-05-18

CVE-2017-1000257

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions libcurl (affected versions not specified)

Description The issue arises when an IMAP FETCH response line indicates that the returned data is zero bytes. In this case, libcurl passes on the non-existing data with a pointer and the size (zero) to the deliver-data function. This function treats zero as a magic number and invokes strlen() on the data to figure out the length. However, the strlen() is called on a heap-based buffer that might not be zero-terminated, which can cause libcurl to read beyond the end of the buffer into adjacent memory or crash. As a result, libcurl may deliver the incorrectly read data to the application as if it were actually downloaded.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Over-read

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-126CWE-119

Related Identifiers

ALT-PU-2017-2499

ALT-PU-2018-2456

CESA-2017_3263

CLEANSTART-2026-AY18527

CLEANSTART-2026-BW46578

CLEANSTART-2026-DI23929

CLEANSTART-2026-LQ42192

CLEANSTART-2026-OF85770

CVE-2017-1000257

DLA-1143-1

DSA-4007-1

MGASA-2018-0053

MGASA-2018-0054

OPENSUSE-SU-2024:10582-1

RHSA-2017:3263

RHSA-2017_3263

RHSA-2018:3558

SUSE-SU-2017:2831-1

USN-3441-2

USN-3457-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libcurl

PT-2017-10945 · Curl+5 · Libcurl+5

CVE-2017-1000257

Weakness Enumeration

Related Identifiers

Affected Products

References · 356