
CVE-2000-0973

FTP Server Response Buffer Overflow

Project curl Security Advisory, October 13 2000

VULNERABILITY

When storing an FTP server's error message on failure, curl did not check the input length, so a malicious FTP server could overflow curl's stack-based buffer.
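
The length check whose absence is described above, as an added example. This is not curl's code: the buffer size, the function names and the sample reply are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define ERRBUF_SIZE 256 /* assumed size; the advisory gives no figure */

/* Unsafe pattern of the kind the advisory describes (comment only):
 *     char errbuf[ERRBUF_SIZE];
 *     strcpy(errbuf, server_reply);   length is chosen by the server */

/* Hypothetical helper: store one FTP reply line in a fixed error buffer.
 * reply/reply_len are raw socket bytes, not assumed NUL-terminated; the
 * message ends at CR, LF, NUL or the end of the received data.
 * Returns bytes stored (without the NUL); *truncated is set if cut. */
size_t store_ftp_error(char *dst, size_t dst_size, const char *reply,
                       size_t reply_len, int *truncated)
{
    size_t n = 0;
    if (truncated) *truncated = 0;
    if (!dst || dst_size == 0) return 0;
    dst[0] = '\0';
    if (!reply) return 0;
    while (n < reply_len && reply[n] != '\r' && reply[n] != '\n' && reply[n])
        n++;
    if (n > dst_size - 1) {          /* clamp to capacity, keep room for NUL */
        n = dst_size - 1;
        if (truncated) *truncated = 1;
    }
    memcpy(dst, reply, n);
    dst[n] = '\0';
    return n;
}

/* Constructed input: a 4000-byte reply with no line ending. Returns 1 when
 * the copy stayed in bounds (guard bytes intact) and was flagged as cut. */
int oversized_reply_is_contained(void)
{
    struct { char buf[ERRBUF_SIZE]; char guard[8]; } s;
    char reply[4000];
    int cut = 0;
    size_t n, i;
    memset(reply, 'A', sizeof(reply));
    memcpy(reply, "550 ", 4);
    memset(s.guard, 0x5a, sizeof(s.guard));
    n = store_ftp_error(s.buf, sizeof(s.buf), reply, sizeof(reply), &cut);
    for (i = 0; i < sizeof(s.guard); i++)
        if (s.guard[i] != 0x5a) return 0;
    return n == ERRBUF_SIZE - 1 && cut == 1 && strlen(s.buf) == n;
}
```

The caller decides what to do with a truncated message; the point is that the stored length is bounded by the destination, not by what the server sent.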

INFO

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2000-0973 to this issue.

CWE-121: Stack-based Buffer Overflow

Severity: Critical

AFFECTED VERSIONS

SOLUTION

TIMELINE

This was not reported using the regular means, so we did not make a standard timeline for this issue.

CREDITS

According to the original report once hosted on https://www.securityfocus.com/bid/1804/exploit/

Thanks a lot!