CVE-2000-0973

FTP Server Response Buffer Overflow

Project curl Security Advisory, October 13th 2000

VULNERABILITY

When storing an FTP server's error message on failure, curl did not check the input length, so a malicious FTP server could overflow curl's stack-based buffer.
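The class of fix this calls for, as an added example (not curl's code and not part of the original advisory): a length-checked copy of a server reply into a fixed-size stack buffer that truncates instead of overflowing. The helper name `store_ftp_error`, the 256-byte `ERRBUF_SIZE` and the sample replies are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ERRBUF_SIZE 256 /* assumed size; the advisory does not give curl's */

/* Hypothetical helper: store one FTP reply line in a fixed-size buffer.
 * Writes at most dstsize bytes including the terminating NUL.
 * Returns the number of reply bytes dropped by truncation (0 = it fit),
 * or (size_t)-1 when the arguments are unusable. */
size_t store_ftp_error(char *dst, size_t dstsize, const char *reply)
{
    size_t len, copy;

    if (!dst || dstsize == 0 || !reply)
        return (size_t)-1;

    /* The reply is server-controlled: keep only the first line. */
    len = strcspn(reply, "\r\n");

    /* The length check missing from the flaw described above:
     * never copy more than the destination can hold. */
    copy = len < dstsize - 1 ? len : dstsize - 1;
    memcpy(dst, reply, copy);
    dst[copy] = '\0';
    return len - copy;
}

int main(void)
{
    char errbuf[ERRBUF_SIZE];  /* stack buffer, as in the advisory */
    char longreply[1024];      /* constructed oversized server reply */
    size_t dropped;

    memset(longreply, 'A', sizeof(longreply) - 1);
    memcpy(longreply, "550 ", 4);
    longreply[sizeof(longreply) - 1] = '\0';

    dropped = store_ftp_error(errbuf, sizeof(errbuf), "550 No such file\r\n");
    printf("[%s] dropped=%zu\n", errbuf, dropped);

    dropped = store_ftp_error(errbuf, sizeof(errbuf), longreply);
    printf("stored=%zu dropped=%zu\n", strlen(errbuf), dropped);
    return 0;
}
```

A non-zero return value lets the caller log that the server sent an oversized reply, which is worth recording as a sign of a misbehaving or hostile server.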

INFO

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2000-0973 to this issue.

CWE-121: Stack-based Buffer Overflow

Severity: Critical

AFFECTED VERSIONS

SOLUTION

TIMELINE

This was not reported using the regular means so we did not make a standard timeline for this issue.

CREDITS

According to the original report once hosted on https://www.securityfocus.com/bid/1804/exploit/

Thanks a lot!