CVE-2020-8177

Published: 14/12/2020 Updated: 27/03/2024
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

curl 7.20.0 up to and including 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used.

Vulnerable Product

haxx curl

debian debian linux 10.0

fujitsu m10-1_firmware

fujitsu m10-4_firmware

fujitsu m10-4s_firmware

fujitsu m12-1_firmware

fujitsu m12-2_firmware

fujitsu m12-2s_firmware

siemens sinec infrastructure network services

splunk universal forwarder 9.1.0

splunk universal forwarder

Vendor Advisories

Debian Bug report logs - #965281: curl: CVE-2020-8177. Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 18 Jul 2020 19:51:07 UTC; Severity: important; Tags: security, upstream; Found in versions curl/7680-1, curl/7521 ...
Several security issues were fixed in curl ...
Multiple vulnerabilities were discovered in cURL, an URL transfer library. CVE-2020-8169: Marek Szlagor reported that libcurl could be tricked into prepending a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server(s). CVE-2020-8177: sn reporte ...
command line arguments lead to local file overwrite (CVE-2020-8177) ...
This issue only affects the 'curl' command line utility. Additionally, this is only an issue when using the '-J' (with the '-O' option) and '-i' command line options combined. In most cases, there is nothing to gain for a local attacker here: the curl command line utility is likely running with the same privileges as the user, and thus the user can ...
Synopsis: Moderate: curl security update. Type/Severity: Security Advisory: Moderate. Topic: An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Synopsis: Moderate: curl security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for curl is now available for Red Hat Enterprise Linux 82 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scor ...
Synopsis: Moderate: curl security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base sco ...
Synopsis: Moderate: OpenShift Container Platform 4523 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4523 is now available with updates to packages and images that fix several bugs. This release includes a security update for Kubern ...
Synopsis: Moderate: Release of OpenShift Serverless 1110. Type/Severity: Security Advisory: Moderate. Topic: Release of OpenShift Serverless 1110. Description: Red Hat OpenShift Serverless 1110 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShif ...
Synopsis: Moderate: OpenShift Container Platform 4612 extras and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4612 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has ra ...
Synopsis: Moderate: OpenShift Container Platform 46 compliance-operator security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container ...
Synopsis: Moderate: OpenShift Container Platform 4520 bug fix and golang security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4520 is now available with updates to packages and images that fix several bugs. This release includes a security update for ...
Synopsis: Moderate: OpenShift Container Platform 4612 bug fix and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4612 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat ...
Synopsis: Moderate: OpenShift Virtualization 253 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Virtualization release 253 is now available with updates to packages and images that fix several bugs and security issues. Red Hat Product Security has rated this ...
Synopsis: Moderate: OpenShift Container Platform 46 compliance-operator security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container ...
Synopsis: Important: OpenShift Container Platform 469 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 469 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a ...
Synopsis: Moderate: Red Hat OpenShift Container Storage 460 security, bug fix, enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated images are now available for Red Hat OpenShift Container Storage 460 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as ha ...
An issue has been found in curl from 7.20.0 up to and including 7.70.0, which can be tricked by a malicious server to overwrite a local file when using -J (--remote-header-name) and -i (--head) in the same command line. When curl -J is used it doesn’t work together with -i and there’s a check that prevents it from getting used. The check was fla ...

Mailing Lists

oss-sec mailing list archives: Re: Contributing Back. From: Mohammad Tausif Siddiqui <msiddiqu () re ...
oss-sec mailing list archives: Re: Contributing Back. From: Solar Designer <solar () openwall com> ...
oss-sec mailing list archives: Contributing Back. From: Zhang Xiao <xiaozhang () windriver com> ...
oss-sec mailing list archives: Re: Contributing Back. From: Solar Designer <solar () openwall com> ...
oss-sec mailing list archives: Re: Contributing Back. From: Zhang Xiao <xiaozhang () windriver com ...
oss-sec mailing list archives: Re: Contributing Back. From: Zhang Xiao <xiaozhang () windriver com ...
oss-sec mailing list archives: Re: Contributing Back. From: Zhang Xiao <xiaozhang () windriver com ...