CVE-2000-0973

curl < 6.0-1.1 and curl-ssl < 6.0-1.2 - Buffer Overflow via Long Error Message

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2000-0973. PoCs published by zillion.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in cURL versions 6.1 to 7.4, where a malicious FTP server response can overwrite the return address on the stack, leading to arbitrary code execution. The shellcode writes a message to a file as a proof of concept.

Description

Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.

Exploits (2)

exploitdb WORKING POC VERIFIED
by zillion · perl · remote · linux
https://www.exploit-db.com/exploits/20293

This exploit targets a buffer overflow vulnerability in cURL versions 6.1 to 7.4, where a malicious FTP server response can overwrite the return address on the stack, leading to arbitrary code execution. The shellcode writes a message to a file as a proof of concept.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: cURL 6.1 - 7.4
No auth needed
Prerequisites: Network access to the target · Target must initiate a connection to the malicious server
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by zillion · perl · remote · freebsd
https://www.exploit-db.com/exploits/20292

This exploit targets a buffer overflow vulnerability in cURL versions included with Debian GNU/Linux 2.2 and FreeBSD prior to 4.2. It crafts a malicious FTP server response to overwrite the return address on the stack, leading to arbitrary code execution on the client host.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: cURL (Debian GNU/Linux 2.2, FreeBSD < 4.2)
No auth needed
Prerequisites: Network access to the target · Target must connect to the malicious FTP server
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Various Sources vendor-advisory x_refsource_freebsd
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:72.curl.asc
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1804
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5374
Third Party Advisory vendor-advisory x_refsource_redhat
http://archives.neohapsis.com/archives/bugtraq/2000-10/0331.html

Scores

EPSS 0.1925
EPSS Percentile 97.0%

Details

Status published
Products (14)
daniel_stenberg/curl 6.0
daniel_stenberg/curl 6.1
daniel_stenberg/curl 6.1beta
daniel_stenberg/curl 6.3
daniel_stenberg/curl 6.4
daniel_stenberg/curl 6.5
daniel_stenberg/curl 6.5.1
daniel_stenberg/curl 6.5.2
daniel_stenberg/curl 7.1
daniel_stenberg/curl 7.1.1
... and 4 more
Published Dec 19, 2000
Tracked Since Feb 18, 2026