CVE-2000-0973

Current Description

Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.

Basic Data

Published: December 19, 2000
Last Modified: May 03, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
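    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Daniel Stenberg | Curl | 6.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Daniel Stenberg | Curl | 6.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Daniel Stenberg | Curl | 6.1beta | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Daniel Stenberg | Curl | 6.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Daniel Stenberg | Curl | 6.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Daniel Stenberg | Curl | 6.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Daniel Stenberg | Curl | 6.5.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Daniel Stenberg | Curl | 6.5.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Daniel Stenberg | Curl | 7.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Daniel Stenberg | Curl | 7.1.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Daniel Stenberg | Curl | 7.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Daniel Stenberg | Curl | 7.2.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Daniel Stenberg | Curl | 7.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Daniel Stenberg | Curl | 7.4 | * | * | * | * | * | * | * | | | | |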

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Daniel Stenberg | Curl | 6.0, 6.1, 6.1beta, 6.3, 6.4, 6.5, 6.5.1, 6.5.2, 7.1, 7.1.1, 7.2, 7.2.1, 7.3, 7.4 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| FreeBSD-SA-00:72 | FREEBSD | ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:72.curl.asc | |
| RHBA-2000:092-01 | REDHAT | http://archives.neohapsis.com/archives/bugtraq/2000-10/0331.html | |
| 1804 | BID | http://www.securityfocus.com/bid/1804 | Exploit, Patch, Vendor Advisory |
| curl-error-bo(5374) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/5374 | |