CURL-CVE-2017-1000257
- Source
- https://curl.se/docs/CVE-2017-1000257.html
- Import Source
- https://curl.se/docs/CURL-CVE-2017-1000257.json
- JSON Data
- https://api.osv.dev/v1/vulns/CURL-CVE-2017-1000257
- Aliases
- Published
- 2017-10-23T08:00:00Z
- Modified
- 2026-05-27T02:29:28.314101Z
- Summary
- IMAP FETCH response out of bounds read
- Details
-
libcurl contains a buffer overrun flaw in the IMAP handler.
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function.
libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be null-terminated so libcurl might read beyond the end of it into whatever memory lies after (or crash) and then deliver that to the application as if it was actually downloaded.
- Database specific
{ "URL": "https://curl.se/docs/CVE-2017-1000257.json", "last_affected": "7.56.0", "affects": "both", "www": "https://curl.se/docs/CVE-2017-1000257.html", "package": "curl", "severity": "Medium", "CWE": { "desc": "Buffer Over-read", "id": "CWE-126" } }- References
-
- Credits
-
-
- Brian Carpenter (Geeknik Labs) - FINDER
-
- 0xd34db347 - FINDER
-
- Daniel Stenberg - REMEDIATION_DEVELOPER
-
Affected packages
Git / github.com/curl/curl.git
Affected ranges
- Type
- SEMVER
- Events
-
Introduced7.20.0Fixed7.56.1
- Type
- GIT
- Repo
- https://github.com/curl/curl.git
- Events
Affected versions
7.*
7.20.0
7.20.1
7.21.0
7.21.1
7.21.2
7.21.3
7.21.4
7.21.5
7.21.6
7.21.7
7.22.0
7.23.0
7.23.1
7.24.0
7.25.0
7.26.0
7.27.0
7.28.0
7.28.1
7.29.0
7.30.0
7.31.0
7.32.0
7.33.0
7.34.0
7.35.0
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.40.0
7.41.0
7.42.0
7.42.1
7.43.0
7.44.0
7.45.0
7.46.0
7.47.0
7.47.1
7.48.0
7.49.0
7.49.1
7.50.0
7.50.1
7.50.2
7.50.3
7.51.0
7.52.0
7.52.1
7.53.0
7.53.1
7.54.0
7.54.1
7.55.0
7.55.1
7.56.0
Other
curl-7_20_0
curl-7_20_1
curl-7_21_0
curl-7_21_1
curl-7_21_2
curl-7_21_3
curl-7_21_4
curl-7_21_5
curl-7_21_6
curl-7_21_7
curl-7_22_0
curl-7_23_0
curl-7_23_1
curl-7_24_0
curl-7_25_0
curl-7_26_0
curl-7_27_0
curl-7_28_0
curl-7_28_1
curl-7_29_0
curl-7_30_0
curl-7_31_0
curl-7_32_0
curl-7_33_0
curl-7_34_0
curl-7_35_0
curl-7_36_0
curl-7_37_0
curl-7_37_1
curl-7_38_0
curl-7_39_0
curl-7_40_0
curl-7_41_0
curl-7_42_0
curl-7_42_1
curl-7_43_0
curl-7_44_0
curl-7_45_0
curl-7_46_0
curl-7_47_0
curl-7_47_1
curl-7_48_0
curl-7_49_0
curl-7_49_1
curl-7_50_0
curl-7_50_1
curl-7_50_2
curl-7_50_3
curl-7_51_0
curl-7_52_0
curl-7_52_1
curl-7_53_0
curl-7_53_1
curl-7_54_0
curl-7_54_1
curl-7_55_0
curl-7_55_1
curl-7_56_0
Database specific
vanir_signatures_modified
"2026-05-27T02:29:28Z"
vanir_signatures
[
{
"id": "CURL-CVE-2017-1000257-a46517f9",
"target": {
"file": "lib/imap.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"127691315486214433355562222260323323396",
"110630259703070770442609911872220071114",
"41363214079459528439697027754300489812"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/curl/curl.git/commit/13c9a9ded3ae744a1e11cbc14e9146d9fa427040",
"signature_version": "v1"
},
{
"id": "CURL-CVE-2017-1000257-d8583e18",
"target": {
"file": "lib/imap.c",
"function": "imap_state_fetch_resp"
},
"deprecated": false,
"digest": {
"function_hash": "70297420538337492111449779884300270277",
"length": 1741.0
},
"signature_type": "Function",
"source": "https://github.com/curl/curl.git/commit/13c9a9ded3ae744a1e11cbc14e9146d9fa427040",
"signature_version": "v1"
}
]
source
"https://curl.se/docs/CURL-CVE-2017-1000257.json"