CVE-2020-8231

Published: 14/12/2020 Updated: 27/03/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Due to use of a dangling pointer, libcurl 7.29.0 up to and including 7.71.1 can use the wrong connection when sending data.

Vulnerable Product

haxx libcurl

siemens sinec infrastructure network services

debian debian linux 10.0

oracle communications cloud native core policy 1.14.0

splunk universal forwarder 9.1.0

splunk universal forwarder

Vendor Advisories

Debian Bug report logs - #968831 CVE-2020-8231. Package: curl; Maintainer for curl is Alessandro Ghedini <ghedo@debian.org>; Source for curl is src:curl. Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date: Fri, 21 Aug 2020 21:09:02 UTC. Severity: important. Tags: security, upstream. Found in ver ...
Multiple vulnerabilities were discovered in cURL, an URL transfer library. CVE-2020-8169: Marek Szlagor reported that libcurl could be tricked into prepending a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server(s). CVE-2020-8177: sn reporte ...
A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the `CURLOPT_CONNECT_ONLY` option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to data confidentiality (CVE-2020-8231). A malicious server can use t ...
A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the `CURLOPT_CONNECT_ONLY` option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to data confidentiality (CVE-2020-8231) ...

ICS Advisories