CVE-2017-1000257
Published: 2017-10-31
Priority P338 · critical · 9.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 0.97% (77.1th percentile)
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.
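The zero-as-magic-length pattern described above, as an added example that is not libcurl's code: `deliver`, `fetch_size`, `handle_fetch` and `demo` are hypothetical names, and the FETCH line and stale bytes are constructed so the stray read stays inside one allocation when run. With the guard off, the "empty" body reaches the application as leftover heap content; with the guard on, a zero-byte literal is never delivered.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical deliver-data function: len == 0 is the "magic number" for "C string". */
static size_t deliver(char *out, size_t outsz, const char *ptr, size_t len)
{
    if (len == 0) len = strlen(ptr);   /* trusts a terminator the caller never wrote */
    if (len >= outsz) len = outsz - 1;
    memcpy(out, ptr, len);
    out[len] = '\0';
    return len;                        /* bytes handed to the application */
}

/* Literal size "{N}" announced by a FETCH response line, or -1 if absent. */
static long fetch_size(const char *line)
{
    const char *p = strchr(line, '{');
    return p ? strtol(p + 1, NULL, 10) : -1;
}

/* guard != 0 applies the hardening: a zero-byte literal is never delivered. */
static size_t handle_fetch(const char *line, const char *body,
                           char *out, size_t outsz, int guard)
{
    long n = fetch_size(line);
    if (n < 0 || (guard && n == 0)) return 0;
    return deliver(out, outsz, body, (size_t)n);
}

/* Constructed sample: one heap block holds the response line, then stale bytes. */
static size_t demo(int guard, char *out, size_t outsz)
{
    static const char raw[] = "* 1 FETCH (BODY[TEXT] {0}\r\nstale-heap-bytes";
    char *heap = malloc(sizeof(raw));
    size_t got;
    if (!heap) return 0;
    memcpy(heap, raw, sizeof(raw));    /* only raw's final NUL stops strlen() */
    got = handle_fetch(heap, strstr(heap, "\r\n") + 2, out, outsz, guard);
    free(heap);
    return got;
}

int main(void)
{
    char out[64] = "";
    printf("unguarded: %zu bytes \"%s\"\n", demo(0, out, sizeof out), out);
    printf("guarded:   %zu bytes\n", demo(1, out, sizeof out));
}
```

In a real heap the bytes after the response are not guaranteed to contain a terminator, which is why the advisory describes the outcome as either an over-read or a crash.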
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | curl | < curl 7.56.1-1 (bookworm) | curl 7.56.1-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| haxx | curl | >= 0 < 7.56.1-1 | 7.56.1-1 |
| haxx | curl | >= 0 < 7.56.1-1 | 7.56.1-1 |
| haxx | curl | >= 0 < 7.56.1-1 | 7.56.1-1 |
| haxx | curl | >= 0 < 7.56.1-1 | 7.56.1-1 |
| haxx | libcurl | 7.20.0 – 7.56.0 | — |
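CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| nvd | v3.0 | 9.1 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |
| osv | — | 9.1 | CRITICAL | — |
| vendor_debian | — | 9.1 | CRITICAL | — |
| vendor_redhat | — | 9.1 | CRITICAL | — |
| vendor_ubuntu | — | 5.9 | MEDIUM | — |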
Red Hat
curl: IMAP FETCH response out of bounds read
vendor_redhat·2017-10-23·CVSS 9.1
CVE-2017-1000257 [CRITICAL] CWE-125 curl: IMAP FETCH response out of bounds read
A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP serv
Ubuntu
curl vulnerabilities
vendor_ubuntu·2017-10-23·CVSS 5.9
CVE-2016-9586 [MEDIUM] curl vulnerabilities
Title: curl vulnerabilities
Summary: Several security issues were fixed in curl.
USN-3441-1 fixed several vulnerabilities in curl. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Daniel Stenberg discovered that curl incorrectly handled large floating
point output. A remote attacker could use this issue to cause curl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9586)
Even Rouault discovered that curl incorrectly handled large file names when
doing TFTP transfers. A remote attacker could use this issue to cause curl
to crash, resulting in a denial of service, or possibly obtain sensitive
memory contents. (CVE-2017-1000100)
Brian Carpenter and Yongji Ouyang discovered that curl incorrectly handle
Ubuntu
curl vulnerability
vendor_ubuntu·2017-10-23
CVE-2017-1000257 curl vulnerability
Title: curl vulnerability
Summary: curl could be made to crash or run programs if it received specially
crafted network traffic.
Brian Carpenter discovered that curl incorrectly handled IMAP FETCH
response lines. A remote attacker could use this issue to cause curl to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2017-1000257: curl - An IMAP FETCH response line indicates the size of the returned data, in number o...
vendor_debian·2017·CVSS 9.1
CVE-2017-1000257 [CRITICAL] CVE-2017-1000257: curl - An IMAP FETCH response line indicates the size of the returned data, in number o...
Scope: local
bookworm: resolved (fixed in 7.56.1-1)
bullseye: resolved (fixed in 7.56.1-1)
forky: resolved (fixed in 7.56.1-1)
sid: resolved (fixed in 7.56.1-1)
trixie: resolved (fixed
VulDB
cURL up to 7.56.0 IMAP FETCH Response memory corruption (adv_20171023 / Nessus ID 104105)
vuldb·2026-04-16·CVSS 9.1
CVE-2017-1000257 [CRITICAL] cURL up to 7.56.0 IMAP FETCH Response memory corruption (adv_20171023 / Nessus ID 104105)
A vulnerability was found in cURL up to 7.56.0. It has been classified as critical. This vulnerability affects unknown code of the component IMAP FETCH Response Handler. The manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2017-1000257. The attack can be carried out remotely. No exploit exists.
Upgrading the affected component is recommended.
GHSA
GHSA-6x54-39w9-rqhw: An IMAP FETCH response line indicates the size of the returned data, in number of bytes
ghsa_unreviewed·2022-05-14
CVE-2017-1000257 [CRITICAL] CWE-119 GHSA-6x54-39w9-rqhw: An IMAP FETCH response line indicates the size of the returned data, in number of bytes
OSV
CVE-2017-1000257: An IMAP FETCH response line indicates the size of the returned data, in number of bytes
osv·2017-10-31·CVSS 9.1
CVE-2017-1000257 [CRITICAL] CVE-2017-1000257: An IMAP FETCH response line indicates the size of the returned data, in number of bytes
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-1000257 curl: IMAP FETCH response out of bounds read [fedora-all]
bugzilla·2017-10-23·CVSS 9.1
CVE-2017-1000257 [CRITICAL] CVE-2017-1000257 curl: IMAP FETCH response out of bounds read [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of
Bugzilla
CVE-2017-1000257 mingw-curl: curl: IMAP FETCH response out of bounds read [epel-7]
bugzilla·2017-10-23·CVSS 9.1
CVE-2017-1000257 [CRITICAL] CVE-2017-1000257 mingw-curl: curl: IMAP FETCH response out of bounds read [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template to for the
Bugzilla
CVE-2017-1000257 mingw-curl: curl: IMAP FETCH response out of bounds read [fedora-all]
bugzilla·2017-10-23·CVSS 9.1
CVE-2017-1000257 [CRITICAL] CVE-2017-1000257 mingw-curl: curl: IMAP FETCH response out of bounds read [fedora-all]
Bugzilla
CVE-2017-1000257 curl: IMAP FETCH response out of bounds read
bugzilla·2017-10-18·CVSS 9.1
CVE-2017-1000257 [CRITICAL] CVE-2017-1000257 curl: IMAP FETCH response out of bounds read
An IMAP FETCH response line indicates the size of the returned data, in number
of bytes. When that response says the data is zero bytes, libcurl would pass
on that (non-existing) data with a pointer and the size (zero) to the
deliver-data function.
libcurl's deliver-data function treats zero as a magic number and invokes
strlen() on the data to figure out the length. The strlen() is called on a
heap based buffer that might not be zero terminated so libcurl might read
beyond the end of it into whatever memory lies after (or just crash) and then
deliver that to the application as if it was actually downloaded.
Introduced with:
https://github.com/curl/curl/commit/ec3bb8f727
External References:
https://curl.haxx.se/docs/adv_2
http://www.debian.org/security/2017/dsa-4007
http://www.securityfocus.com/bid/101519
http://www.securitytracker.com/id/1039644
https://access.redhat.com/errata/RHSA-2017:3263
https://access.redhat.com/errata/RHSA-2018:2486
https://access.redhat.com/errata/RHSA-2018:3558
https://curl.haxx.se/docs/adv_20171023.html
https://security.gentoo.org/glsa/201712-04