{"id":"CURL-CVE-2000-0973","summary":"FTP Server Response Buffer Overflow","details":"When storing an FTP server's error message on failure, there was no check for\ninput length and thus a malicious FTP server could overflow curl's stack based\nbuffer.","aliases":["CVE-2000-0973"],"modified":"2026-05-27T02:29:17.376513Z","published":"2000-10-13T08:00:00Z","database_specific":{"URL":"https://curl.se/docs/CVE-2000-0973.json","severity":"Critical","CWE":{"desc":"Stack-based Buffer Overflow","id":"CWE-121"},"last_affected":"7.4","package":"curl","affects":"both","www":"https://curl.se/docs/CVE-2000-0973.html"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"6.0"},{"fixed":"7.4.1"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"ae1912cb0d494b48d514d937826c9fe83ec96c4d"},{"fixed":"751d503f54596d6d86f969683fec2fe296d9d1f0"}]}],"versions":["7.4","7.3","7.2.1","7.2","7.1.1","7.1","6.5.2","6.5.1","6.5","6.4","6.3.1","6.3","6.2","6.1","6.0","curl-7_3","curl-7_2","curl-7_1_1","curl-6_5_2","curl-6_5_1","curl-6_5"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2000-0973.json","vanir_signatures":[{"digest":{"function_hash":"196356786758211185488307863000076764989","length":241},"signature_version":"v1","id":"CURL-CVE-2000-0973-171b0ec8","deprecated":false,"target":{"function":"failf","file":"lib/sendf.c"},"source":"https://github.com/curl/curl.git/commit/751d503f54596d6d86f969683fec2fe296d9d1f0","signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["228958604464281070835053189636391513699","144630845450072018614630508064963358814","279762529903853437871960568310384565523","135969741470522456798681344337997879757","263499723662391968439719703005208360682","169201004603743637601791708579055509136","272805279890715308076973196116662068657","234347712143530376186965619256059533252"]},"signature_version":"v1","id":"CURL-CVE-2000-0973-5ebafc81","deprecated":false,"target":{"file":"lib/url.c"},"source":"https://github.com/curl/curl.git/commit/751d503f54596d6d86f969683fec2fe296d9d1f0","signature_type":"Line"},{"digest":{"threshold":0.9,"line_hashes":["336750918308948256061780313364742334265","338946848231821765236349582189650192615","209157767658083385805431196253131988638","257410141940471399691493468172196272090","328699097690227077524949511297132158655","189073717517383607935615415546015140570","77881558817818878505832374987774919178"]},"signature_version":"v1","id":"CURL-CVE-2000-0973-9e11ffa6","deprecated":false,"target":{"file":"lib/sendf.c"},"source":"https://github.com/curl/curl.git/commit/751d503f54596d6d86f969683fec2fe296d9d1f0","signature_type":"Line"},{"digest":{"function_hash":"169988328743053719872940075578434844294","length":15652},"signature_version":"v1","id":"CURL-CVE-2000-0973-e9a57738","deprecated":false,"target":{"function":"curl_connect","file":"lib/url.c"},"source":"https://github.com/curl/curl.git/commit/751d503f54596d6d86f969683fec2fe296d9d1f0","signature_type":"Function"}],"vanir_signatures_modified":"2026-05-27T02:29:17Z"}}],"schema_version":"1.7.5","credits":[{"name":"zillion","type":"FINDER"}]}