Project curl Security Advisory, October 13th 2000 - Permalink
When storing an FTP server's error message on failure, there was no check for input length and thus a malicious FTP server could overflow curl's stack based buffer.
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2000-0973 to this issue.
CWE-121: Stack-based Buffer Overflow
Severity: Critical
- Affected versions: curl 6.0 to and including curl 7.4
- Not affected versions: curl < 6.0 and curl >= 7.4.1
- Introduced-in: https://github.com/curl/curl/commit/ae1912cb0d494b48d514d
This was not reported using the regular means so we did not make a standard time line for this issue.
- Reported-by: zillion
According to the original report once hosted on
https://www.securityfocus.com/bid/1804/exploit/
Thanks a lot!