CVE-2017-1000257

2017-10-2300:00:00

ubuntu.com

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.022 Low

EPSS

Percentile

89.3%

JSON

An IMAP FETCH response line indicates the size of the returned data, in
number of bytes. When that response says the data is zero bytes, libcurl
would pass on that (non-existing) data with a pointer and the size (zero)
to the deliver-data function. libcurl’s deliver-data function treats zero
as a magic number and invokes strlen() on the data to figure out the
length. The strlen() is called on a heap based buffer that might not be
zero terminated so libcurl might read beyond the end of it into whatever
memory lies after (or just crash) and then deliver that to the application
as if it was actually downloaded.

OSVersionArchitecturePackageVersionFilename
ubuntu17.10noarchcurl< 7.55.1-1ubuntu2.1UNKNOWN
ubuntu14.04noarchcurl< 7.35.0-1ubuntu2.12UNKNOWN
ubuntu16.04noarchcurl< 7.47.0-1ubuntu2.4UNKNOWN
ubuntu17.04noarchcurl< 7.52.1-4ubuntu1.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	17.10	noarch	curl	< 7.55.1-1ubuntu2.1	UNKNOWN
ubuntu	14.04	noarch	curl	< 7.35.0-1ubuntu2.12	UNKNOWN
ubuntu	16.04	noarch	curl	< 7.47.0-1ubuntu2.4	UNKNOWN
ubuntu	17.04	noarch	curl	< 7.52.1-4ubuntu1.3	UNKNOWN