Bug #8037: curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)
[3.7] curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)
An IMAP FETCH response line indicates the size of the returned data, in number of bytes.
When that response says the data is zero bytes, libcurl would pass on that (non-existing)
data with a pointer and the size (zero) to the deliver-data function.
libcurl 7.20.0 to and including 7.56.0
Not affected versions:¶
libcurl < 7.20.0 and >= 7.56.1