CVE-2017-1000257: Buffer Overflow
First published: Wed Oct 18 2017(Updated: )
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/curl | <7.56.1 | 7.56.1 |
| libcurl | >=7.20.0<=7.56.0 | |
| Debian | =8.0 | |
| Debian | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2017/dsa-4007
- http://www.securityfocus.com/bid/101519
- http://www.securitytracker.com/id/1039644
- https://access.redhat.com/errata/RHSA-2017:3263
- https://access.redhat.com/errata/RHSA-2018:2486
- https://access.redhat.com/errata/RHSA-2018:3558
- https://curl.haxx.se/docs/adv_20171023.html
- https://security.gentoo.org/glsa/201712-04
- https://github.com/curl/curl/commit/ec3bb8f727
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1505233
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1505232
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1505234
- https://github.com/curl/curl/commit/13c9a9ded3ae744a1e11cbc14e9146d9fa427040
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586
- https://bugzilla.redhat.com/show_bug.cgi?id=1503705
Frequently Asked Questions
What is the severity of CVE-2017-1000257?
CVE-2017-1000257 has a medium severity rating as it involves improper handling of zero-byte data leading to potential issues.
How do I fix CVE-2017-1000257?
To fix CVE-2017-1000257, you should upgrade libcurl to version 7.56.1 or higher.
What software is affected by CVE-2017-1000257?
CVE-2017-1000257 affects libcurl versions from 7.20.0 up to 7.56.0, and it is also found in specific versions of the curl package on Red Hat and Debian.
What is the impact of CVE-2017-1000257?
The impact of CVE-2017-1000257 includes potential miscommunication in data handling that might lead to application failures.
Is CVE-2017-1000257 remote exploit?
CVE-2017-1000257 is not considered a remote exploit as it primarily affects local data handling within applications using libcurl.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-1000257
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/haxx
- canonical/libcurl
- version/libcurl/7.20.0
- version/libcurl/7.56.0
- vendor/debian
- canonical/debian
- version/debian/8.0
- version/debian/9.0