[3.6] curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)
An IMAP FETCH response line indicates the size of the returned data, in
number of bytes.
When that response says the data is zero bytes, libcurl would pass on
that (non-existing) data with a pointer and the size (zero) to the
deliver-data function.
Affected versions:
libcurl 7.20.0 to and including 7.56.0
Not affected versions:
libcurl < 7.20.0 and >= 7.56.1
References:
https://curl.haxx.se/docs/adv_20171023.html
http://openwall.com/lists/oss-security/2017/10/23/1
Patch:
https://curl.haxx.se/CVE-2017-1000257.patch
(from redmine: issue id 8039, created on 2017-10-24, closed on 2017-10-24)
- Relations:
  - parent #8037 (closed)
- Changesets:
  - Revision eb6f1c84 by Natanael Copa on 2017-10-24T09:13:20Z:
    main/curl: security upgrade to 7.56.1 (CVE-2017-1000257)
    fixes #8039
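
The zero-size case described above, as an added C example (not libcurl's code and not the referenced patch): the literal size is parsed from the FETCH response line, and a zero-byte body ends without the delivery routine ever being called. The names `parse_fetch_literal_size`, `deliver_fetch_body`, `counting_sink` and `struct sink_stats` are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical delivery callback: receives a pointer and an explicit length. */
typedef size_t (*deliver_fn)(const char *data, size_t len, void *ctx);

struct sink_stats { size_t calls; size_t bytes; };

/* Sample sink that only records how often it was called and with how much. */
size_t counting_sink(const char *data, size_t len, void *ctx)
{
    struct sink_stats *st = ctx;
    (void)data;
    st->calls++;
    st->bytes += len;
    return len;
}

/* Extract N from the first "{N}" literal marker of a FETCH response line.
   Returns 0 on success, -1 when the marker is missing or malformed. */
int parse_fetch_literal_size(const char *line, size_t *size_out)
{
    const char *open = strchr(line, '{');
    char *end = NULL;
    unsigned long long v;

    if (!open || !isdigit((unsigned char)open[1]))
        return -1; /* strtoull alone would accept "-1" or leading spaces */
    errno = 0;
    v = strtoull(open + 1, &end, 10);
    if (errno == ERANGE || *end != '}' || (size_t)v != v)
        return -1; /* overflow, missing '}' or value too large for size_t */
    *size_out = (size_t)v;
    return 0;
}

/* Deliver at most literal_size of the avail buffered bytes. A zero-byte body
   is complete as soon as it is announced, so the sink is never called. */
size_t deliver_fetch_body(const char *buf, size_t avail, size_t literal_size,
                          deliver_fn sink, void *ctx)
{
    size_t chunk = avail < literal_size ? avail : literal_size;
    if (chunk == 0)
        return 0;
    return sink(buf, chunk, ctx);
}
```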