CURL-CVE-2000-0973
- Source
- https://curl.se/docs/CVE-2000-0973.html
- Import Source
- https://curl.se/docs/CURL-CVE-2000-0973.json
- JSON Data
- https://api.osv.dev/v1/vulns/CURL-CVE-2000-0973
- Aliases
-
- CVE-2000-0973
- Published
- 2000-10-13T08:00:00Z
- Modified
- 2026-05-27T02:29:17.376513Z
- Summary
- FTP Server Response Buffer Overflow
- Details
-
When storing an FTP server's error message on failure, there was no check for input length and thus a malicious FTP server could overflow curl's stack based buffer.
- Database specific
{ "CWE": { "id": "CWE-121", "desc": "Stack-based Buffer Overflow" }, "package": "curl", "last_affected": "7.4", "www": "https://curl.se/docs/CVE-2000-0973.html", "URL": "https://curl.se/docs/CVE-2000-0973.json", "affects": "both", "severity": "Critical" }- References
-
- Credits
-
-
- zillion - FINDER
-
Affected packages
Git / github.com/curl/curl.git
Affected ranges
- Type
- SEMVER
- Events
-
Introduced6.0Fixed7.4.1
- Type
- GIT
- Repo
- https://github.com/curl/curl.git
- Events
Affected versions
6.*
6.0
6.1
6.2
6.3
6.3.1
6.4
6.5
6.5.1
6.5.2
7.*
7.1
7.1.1
7.2
7.2.1
7.3
7.4
Other
curl-6_5
curl-6_5_1
curl-6_5_2
curl-7_1_1
curl-7_2
curl-7_3
Database specific
source
"https://curl.se/docs/CURL-CVE-2000-0973.json"
vanir_signatures_modified
"2026-05-27T02:29:17Z"
vanir_signatures
[
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 241.0,
"function_hash": "196356786758211185488307863000076764989"
},
"source": "https://github.com/curl/curl.git/commit/751d503f54596d6d86f969683fec2fe296d9d1f0",
"id": "CURL-CVE-2000-0973-171b0ec8",
"signature_type": "Function",
"target": {
"function": "failf",
"file": "lib/sendf.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"228958604464281070835053189636391513699",
"144630845450072018614630508064963358814",
"279762529903853437871960568310384565523",
"135969741470522456798681344337997879757",
"263499723662391968439719703005208360682",
"169201004603743637601791708579055509136",
"272805279890715308076973196116662068657",
"234347712143530376186965619256059533252"
]
},
"source": "https://github.com/curl/curl.git/commit/751d503f54596d6d86f969683fec2fe296d9d1f0",
"id": "CURL-CVE-2000-0973-5ebafc81",
"signature_type": "Line",
"target": {
"file": "lib/url.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"336750918308948256061780313364742334265",
"338946848231821765236349582189650192615",
"209157767658083385805431196253131988638",
"257410141940471399691493468172196272090",
"328699097690227077524949511297132158655",
"189073717517383607935615415546015140570",
"77881558817818878505832374987774919178"
]
},
"source": "https://github.com/curl/curl.git/commit/751d503f54596d6d86f969683fec2fe296d9d1f0",
"id": "CURL-CVE-2000-0973-9e11ffa6",
"signature_type": "Line",
"target": {
"file": "lib/sendf.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 15652.0,
"function_hash": "169988328743053719872940075578434844294"
},
"source": "https://github.com/curl/curl.git/commit/751d503f54596d6d86f969683fec2fe296d9d1f0",
"id": "CURL-CVE-2000-0973-e9a57738",
"signature_type": "Function",
"target": {
"function": "curl_connect",
"file": "lib/url.c"
}
}
]