curl / Docs / Security / FTP Server Response Buffer Overflow

FTP Server Response Buffer Overflow

FTP Server Response Buffer Overflow

Date:October 13, 2000
ID BID 1804 CVE-2000-0973
Affected versions6.0 (and possibly earlier) to and including 7.4
Not affected versions7.4.1 and later

When storing an FTP server's error message on failure, there was no check for input length and thus a malicious FTP server could overflow curl's stack based buffer. securityfocus lists two exploits