CVE-2017-1000257MEDIUM
Description
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.
References
http://www.debian.org/security/2017/dsa-4007
http://www.securityfocus.com/bid/101519
http://www.securitytracker.com/id/1039644
https://access.redhat.com/errata/RHSA-2017:3263
https://access.redhat.com/errata/RHSA-2018:2486
https://access.redhat.com/errata/RHSA-2018:3558
Details
Source: MITRE
Published: 2017-10-31
Updated: 2018-11-13
Type: CWE-119
Risk Information
CVSS v2.0
Base Score: 6.4
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact Score: 4.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3.0
Base Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Impact Score: 5.2
Exploitability Score: 3.9
Severity: CRITICAL
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:* versions from 7.20.0 to 7.56.0 (inclusive)
Configuration 2
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127142 | NewStart CGSL MAIN 5.04 : curl Vulnerability (NS-SA-2019-0002) | Nessus | NewStart CGSL Local Security Checks | medium |
| 125002 | EulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1549) | Nessus | Huawei Local Security Checks | high |
| 124993 | EulerOS Virtualization for ARM 64 3.0.1.0 : curl (EulerOS-SA-2019-1540) | Nessus | Huawei Local Security Checks | critical |
| 122260 | Amazon Linux 2 : curl (ALAS-2019-1162) | Nessus | Amazon Linux Local Security Checks | high |
| 121768 | Photon OS 2.0: Curl PHSA-2017-0050 | Nessus | PhotonOS Local Security Checks | high |
| 117546 | EulerOS Virtualization 2.5.0 : curl (EulerOS-SA-2018-1237) | Nessus | Huawei Local Security Checks | medium |
| 111899 | Photon OS 2.0: Curl / Libtiff / Linux PHSA-2017-0050 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 111897 | Photon OS 1.0: Curl / Glibc PHSA-2017-0048 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 105957 | Fedora 27 : curl (2017-b25c8a7087) | Nessus | Fedora Local Security Checks | medium |
| 105264 | GLSA-201712-04 : cURL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 104931 | EulerOS 2.0 SP2 : curl (EulerOS-SA-2017-1313) | Nessus | Huawei Local Security Checks | medium |
| 104930 | EulerOS 2.0 SP1 : curl (EulerOS-SA-2017-1312) | Nessus | Huawei Local Security Checks | medium |
| 104816 | Virtuozzo 7 : curl / libcurl / libcurl-devel (VZLSA-2017-3263) | Nessus | Virtuozzo Local Security Checks | medium |
| 104803 | Scientific Linux Security Update : curl on SL7.x x86_64 (20171127) | Nessus | Scientific Linux Local Security Checks | medium |
| 104801 | RHEL 7 : curl (RHSA-2017:3263) | Nessus | Red Hat Local Security Checks | medium |
| 104799 | Oracle Linux 7 : curl (ELSA-2017-3263) | Nessus | Oracle Linux Local Security Checks | medium |
| 104790 | CentOS 7 : curl (CESA-2017:3263) | Nessus | CentOS Local Security Checks | medium |
| 104704 | Amazon Linux AMI : curl (ALAS-2017-922) | Nessus | Amazon Linux Local Security Checks | medium |
| 104316 | Fedora 26 : curl (2017-ebf32659bf) | Nessus | Fedora Local Security Checks | medium |
| 104236 | openSUSE Security Update : curl (openSUSE-2017-1200) | Nessus | SuSE Local Security Checks | medium |
| 104222 | Debian DSA-4007-1 : curl - security update | Nessus | Debian Local Security Checks | medium |
| 104133 | Debian DLA-1143-1 : curl security update | Nessus | Debian Local Security Checks | medium |
| 104118 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : curl vulnerability (USN-3457-1) | Nessus | Ubuntu Local Security Checks | medium |
| 104117 | SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2017:2831-1) | Nessus | SuSE Local Security Checks | medium |
| 104113 | FreeBSD : cURL -- out of bounds read (143ec3d6-b7cf-11e7-ac58-b499baebfeaf) | Nessus | FreeBSD Local Security Checks | medium |
| 104105 | Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2017-297-01) | Nessus | Slackware Local Security Checks | medium |