CVE-2020-8169

Published: 14/12/2020 Updated: 27/03/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

curl 7.62.0 up to and including 7.70.0 contains an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

Vulnerable Product

haxx curl

siemens simatic tim 1531 irc firmware

debian debian linux 10.0

siemens sinec infrastructure network services

splunk universal forwarder 9.1.0

splunk universal forwarder

Vendor Advisories

Several security issues were fixed in curl ...
Debian Bug report logs - #965280 curl: CVE-2020-8169 Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 18 Jul 2020 19:51:01 UTC Severity: important Tags: security, upstream Found in versions curl/7.64.0-4+deb10u1, cur ...
Multiple vulnerabilities were discovered in cURL, an URL transfer library: CVE-2020-8169 Marek Szlagor reported that libcurl could be tricked into prepending a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server(s). CVE-2020-8177 sn reporte ...
An issue has been found in libcurl from 7.62.0 up to and including 7.70.0, which can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server(s) ...

Mailing Lists

On Thu, 2 Jul 2020, Francis Perron wrote: All details regarding the two recent curl flaws are here: curl.haxx.se/docs/CVE-2020-8169.html curl.haxx.se/docs/CVE-2020-8177.html -- / daniel.haxx.se ...
I haven't reminded MITRE before. They do have an interface for it: cve.mitre.org/about/contactus.html See the fourth topic, called "*To notify us about a vulnerability publication*". I just reminded them about CVE-2020-8169 and CVE-2020-8177 with it. Hope it works :-) I will check the status of them on the CVE/NVD website these days ...
On 2020/7/23 at 7:56 PM, Solar Designer wrote: Till now both CVE-2020-8177 and CVE-2020-8169 are still "reserved". I believe it is valuable to remind them and I am glad to do it, but I just realized I don't know how to do it. I tried two methods but neither of them works. Can anyone give me any advice on how to do it? Thanks, Xiao ...
Partial password leak over DNS on HTTP redirect
===============================================

Project curl Security Advisory, June 24th 2020 - [Permalink](curl.haxx.se/docs/CVE-2020-8169.html)

VULNERABILITY
-------------

libcurl can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking ...

Github Repositories

Frequently Asked Questions

As stewards of the official images and maintainers of many images ourselves, we often see a lot of questions that surface repeatedly. This repository is an attempt to gather some of those and provide some answers!