Published: 14/12/2020 Updated: 27/03/2024

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

curl 7.62.0 up to and including 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

Vulnerable Product	Search on Vulmon	Subscribe to Product
haxx curl
siemens simatic_tim_1531_irc_firmware
debian debian linux 10.0
siemens sinec infrastructure network services
splunk universal forwarder 9.1.0
splunk universal forwarder

Debian Bug report logs - #965280 curl: CVE-2020-8169 Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 18 Jul 2020 19:51:01 UTC Severity: important Tags: security, upstream Found in versions curl/7640-4+deb10u1, cur ...

Several security issues were fixed in curl ...

Multiple vulnerabilities were discovered in cURL, an URL transfer library: CVE-2020-8169 Marek Szlagor reported that libcurl could be tricked into prepending a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server(s) CVE-2020-8177 sn reporte ...

An issue has been found in libcurl from7620 up to and including 7700, which can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server(s) ...

Critical Infrastructure Sectors: Energy

Critical Infrastructure Sectors: Critical Manufacturing

oss-sec mailing list archives   By Date By Thread </form>    Re: Contributing Back   From: Zhang Xiao <xiaozhang () windriver com& ...

Frequently Asked Questions

Frequently Asked Questions As stewards of the official images and maintainers of many images ourselves, we often see a lot of questions that surface repeatedly This repository is an attempt to gather some of those and provide some answers! Table of Contents Frequently Asked Questions Table of Contents General Questions What do you mean by "Official"? An image

CWE-200 https://hackerone.com/reports/874778 https://curl.se/docs/CVE-2020-8169.html https://www.debian.org/security/2021/dsa-4881 https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965280 https://usn.ubuntu.com/4402-1/https://nvd.nist.gov https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09

CVE-2020-8169

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect