CLD-112 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-1000257 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) curl
Deficiency Type SECURITY
Date Created 2017-10-23 09:22:35
Date Last Modified 2017-10-23 09:38:59

Version Specific Information:

Cucumber 1.0 i686 fixed in curl-7.56.1-i686-1
Cucumber 1.0 x86_64 fixed in curl-7.56.1-x86_64-1 and curl-lib_i686-7.56.1-lib_i686-1

Cucumber 1.1 i686 fixed in curl-7.56.1-i686-1
Cucumber 1.1 x86_64 fixed in curl-7.56.1-x86_64-1 and curl-lib_i686-7.56.1-lib_i686-1

Details:

libcurl contains a buffer over-read (out-of-bounds read) flaw in the IMAP
handler. It affects libcurl 7.20.0 up to and including 7.56.0 and is fixed in
7.56.1.

An IMAP FETCH response line indicates the size of the returned data, in number
of bytes. When that response says the data is zero bytes, libcurl would pass on
that (non-existing) data with a pointer and the size (zero) to the deliver-data
function.

libcurl's deliver-data function treats a length of zero as a magic number
meaning "the data is a C string" and invokes strlen() on the data to work out
the length itself. In this case strlen() runs over a heap-based buffer that is
not necessarily zero terminated, so libcurl may read beyond the end of it into
whatever memory lies after (or simply crash) and then deliver those bytes to
the application as if they had actually been downloaded. A malicious or
compromised IMAP server can therefore cause a crash or leak unrelated heap
contents to the client.
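The mechanism described above, as an added example that is not curl's own code: a constructed C model of the zero-means-strlen delivery convention, a minimal parser for the {N} literal size in a FETCH response line, and the pre-7.56.1 handler beside a fixed one. The names deliver_data, fetch_literal_size, handle_fetch_vulnerable, handle_fetch_fixed and the heap_after_literal array are this example's own, and the fixed handler's "deliver nothing for a zero-length literal" logic is an assumption modelled on the 7.56.1 change rather than a copy of it. The "heap" is a plain array so the over-read stays well defined and the result is deterministic; in real libcurl the same strlen() walks off the end of a malloc()ed chunk.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of libcurl's deliver-data convention: a length of zero
 * means "the data is a NUL-terminated string, measure it with strlen()".
 * The real function also routes the data to the write callback; that part
 * is omitted and only the byte count is returned. */
static size_t deliver_data(const char *data, size_t len)
{
    if (len == 0)
        len = strlen(data);   /* magic-number path: reads until a NUL byte */
    return len;               /* bytes "delivered" to the application */
}

/* Extract the literal size N from an IMAP FETCH response line of the form
 * "* 1 FETCH (BODY[] {N}".  Returns -1 when no well-formed {N} is present. */
static long fetch_literal_size(const char *line)
{
    const char *brace = strchr(line, '{');
    char *end;
    long size;

    if (!brace)
        return -1;
    size = strtol(brace + 1, &end, 10);
    if (end == brace + 1 || *end != '}' || size < 0)
        return -1;
    return size;
}

/* Pre-7.56.1 behaviour: whatever size the server announced, hand the buffer
 * pointer and that size to deliver_data().  With size == 0 this reaches the
 * strlen() path on a buffer that was never NUL-terminated. */
static size_t handle_fetch_vulnerable(const char *line, const char *literal)
{
    long size = fetch_literal_size(line);
    if (size < 0)
        return 0;
    return deliver_data(literal, (size_t)size);
}

/* Fixed behaviour (an assumption modelled on the 7.56.1 change): a
 * zero-length literal delivers nothing, so the zero-means-strlen convention
 * can never be reached from the IMAP FETCH path. */
static size_t handle_fetch_fixed(const char *line, const char *literal)
{
    long size = fetch_literal_size(line);
    if (size <= 0)
        return 0;
    return deliver_data(literal, (size_t)size);
}

/* Constructed stand-in for the heap: the zero-byte FETCH literal sits at the
 * start of this array and is immediately followed by unrelated bytes with no
 * NUL in between, the layout that lets strlen() run past the literal. */
static const char heap_after_literal[] = "leftover heap bytes";

int main(void)
{
    const char *zero_line = "* 1 FETCH (BODY[] {0}";
    printf("vulnerable: delivered %zu bytes for a {0} literal\n",
           handle_fetch_vulnerable(zero_line, heap_after_literal));
    printf("fixed:      delivered %zu bytes for a {0} literal\n",
           handle_fetch_fixed(zero_line, heap_after_literal));
    return 0;
}
```

The vulnerable handler reports 19 delivered bytes for a literal the server declared as empty, all of them taken from memory after the literal; the fixed handler reports 0. The general lesson is the one the advisory text makes: an in-band sentinel value in a length parameter (0 means "call strlen") is unsafe whenever the caller can be made to pass attacker-influenced lengths, and the durable fix is to stop overloading the length rather than to patch each caller.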

As of Mon Oct 23 09:49:27 EDT 2017, the curl developers are not aware of any
exploit of this flaw (https://curl.haxx.se/docs/adv_20171023.html).