Buffer over-read in libcurl - CVE-2017-1000257
Published: October 24, 2017
Vulnerability identifier: #VU8917
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-1000257
CWE-ID: CWE-126
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: curl.haxx.se
Affected software:
libcurl
libcurl
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition on the target system.
The weakness exists due to buffer overread in the IMAP handle. A remote attacker can return a specially crafted IMAP FETCH response, obtain potentially sensitive information from memory on the target system or cause the target application using libcurl to crash.
The weakness exists due to buffer overread in the IMAP handle. A remote attacker can return a specially crafted IMAP FETCH response, obtain potentially sensitive information from memory on the target system or cause the target application using libcurl to crash.
How to mitigate CVE-2017-1000257
Update to version 7.56.1.