Vulnerability Details: CVE-2017-1000257
An IMAP FETCH response line indicates the size of the returned data in bytes. When that response says the data is zero bytes, libcurl would pass that (non-existent) data, as a pointer and a size of zero, to its deliver-data function. That function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() call operates on a heap-based buffer that might not be zero-terminated, so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it had actually been downloaded.
Vulnerability category: Overflow
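The magic-zero length pattern from the description, modelled beside a hardened form. This is an added example, not libcurl's code or its patch. The function names, the buffer and its contents are constructed, and the stale bytes sit inside the same array so the over-read is observable without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a receive buffer: 6 bytes of parsed protocol
   data followed by stale bytes left over from an earlier use of the memory. */
static char recv_buf[32] = "FETCH " "stale-secret";

static size_t delivered; /* bytes the "application" was last handed */

/* Hypothetical application write callback: records how much it was given. */
static void app_write(const char *p, size_t n) { (void)p; delivered = n; }

/* Flawed pattern: len == 0 is a magic value meaning "NUL-terminated string,
   measure it with strlen()". */
static size_t deliver_magic_zero(const char *p, size_t len)
{
    if (len == 0)
        len = strlen(p); /* trusts a terminator the data never promised */
    app_write(p, len);
    return len;
}

/* Hardened pattern: the length is authoritative; zero means no data. */
static size_t deliver_exact(const char *p, size_t len)
{
    if (len == 0)
        return 0;        /* nothing to deliver, never inspect p */
    app_write(p, len);
    return len;
}

/* Model of a response announcing a zero-byte body: the body pointer sits
   just past the 6 parsed bytes and the announced size is 0. */
static size_t fetch_zero_body(size_t (*deliver)(const char *, size_t))
{
    delivered = 0;
    return deliver(recv_buf + 6, 0);
}

int main(void)
{
    printf("magic-zero:   %zu bytes\n", fetch_zero_body(deliver_magic_zero));
    printf("exact-length: %zu bytes\n", fetch_zero_body(deliver_exact));
    return 0;
}
```

With the magic-zero variant the application receives the 12 stale bytes although the server announced none; on a real heap buffer the read would continue until the first zero byte in whatever memory follows.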
Exploit prediction scoring system (EPSS) score for CVE-2017-1000257
Probability of exploitation activity in the next 30 days: 2.19%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 %
CVSS scores for CVE-2017-1000257
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P | 10.0 | 4.9 | NIST |
9.1 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 3.9 | 5.2 | NIST |
CWE ids for CVE-2017-1000257
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-1000257
- https://curl.haxx.se/docs/adv_20171023.html
  curl - IMAP FETCH response out of bounds read - CVE-2017-1000257 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:3263
  RHSA-2017:3263 - Security Advisory - Red Hat Customer Portal
- http://www.securitytracker.com/id/1039644
  cURL Buffer Overread in Processing IMAP FETCH Response Data Lets Remote Users Deny Service or Obtain Potentially Sensitive Information - SecurityTracker (Third Party Advisory; VDB Entry)
- https://security.gentoo.org/glsa/201712-04
  cURL: Multiple vulnerabilities (GLSA 201712-04) — Gentoo security
- http://www.securityfocus.com/bid/101519
  cURL/libcURL CVE-2017-1000257 Buffer Overflow Vulnerability (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2018:3558
  RHSA-2018:3558 - Security Advisory - Red Hat Customer Portal
- http://www.debian.org/security/2017/dsa-4007
  Debian -- Security Information -- DSA-4007-1 curl (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2486
  RHSA-2018:2486 - Security Advisory - Red Hat Customer Portal
Products affected by CVE-2017-1000257
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*