CVE-2020-8285
HIGH
7.5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
MEDIUM
5.0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: none
Availability: partial
Description
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and vulnerability characteristics.
EPSS Score
0.0059
Percentile
0.7th
CWE-674: Uncontrolled Recursion
Draft
Common Consequences
Security Scopes Affected:
Availability
Confidentiality
Potential Impacts:
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Read Application Data
Applicable Platforms
All platforms may be affected
CWE-787: Out-of-bounds Write
Draft
Common Consequences
Security Scopes Affected:
Integrity
Availability
Other
Potential Impacts:
Modify Memory
Execute Unauthorized Code Or Commands
Dos: Crash, Exit, Or Restart
Unexpected State
Applicable Platforms
Languages:
Assembly, C, C++, Memory-Unsafe
Technologies:
ICS/OT
Operating System
Debian Linux by Debian
CPE Identifier
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
M10-4S Firmware by Fujitsu
Version Range Affected
To
xcp2410
(exclusive)
CPE Identifier
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
Operating System
Mac Os X by Apple
CPE Identifier
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
Operating System
M10-4 Firmware by Fujitsu
Version Range Affected
To
xcp3110
(exclusive)
CPE Identifier
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
Operating System
Mac Os X by Apple
CPE Identifier
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*
Operating System
Hci Bootstrap Os by Netapp
CPE Identifier
cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*
Application
Clustered Data Ontap by Netapp
CPE Identifier
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Operating System
Mac Os X by Apple
CPE Identifier
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*
Operating System
Fedora by Fedoraproject
CPE Identifier
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Application
Essbase by Oracle
CPE Identifier
cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*
Operating System
M12-2S Firmware by Fujitsu
Version Range Affected
To
xcp3110
(exclusive)
CPE Identifier
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
Application
Communications Cloud Native Core Policy by Oracle
CPE Identifier
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
Operating System
M12-2 Firmware by Fujitsu
Version Range Affected
To
xcp2410
(exclusive)
CPE Identifier
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
Operating System
Hci Storage Node Firmware by Netapp
CPE Identifier
cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*
Operating System
Macos by Apple
Version Range Affected
From
11.0
(inclusive)
To
11.3
(exclusive)
CPE Identifier
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Operating System
Mac Os X by Apple
CPE Identifier
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*
Application
Universal Forwarder by Splunk
Version Range Affected
From
8.2.0
(inclusive)
To
8.2.12
(exclusive)
CPE Identifier
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
Operating System
M10-1 Firmware by Fujitsu
Version Range Affected
To
xcp2410
(exclusive)
CPE Identifier
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
Operating System
M12-1 Firmware by Fujitsu
Version Range Affected
To
xcp3110
(exclusive)
CPE Identifier
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
Application
Libcurl by Haxx
Version Range Affected
From
7.21.0
(inclusive)
To
7.74.0
(exclusive)
CPE Identifier
cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
Operating System
Mac Os X by Apple
CPE Identifier
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*
Operating System
Mac Os X by Apple
CPE Identifier
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*
Operating System
Mac Os X by Apple
CPE Identifier
cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*
Operating System
Mac Os X by Apple
CPE Identifier
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*
Operating System
M12-1 Firmware by Fujitsu
Version Range Affected
To
xcp2410
(exclusive)
CPE Identifier
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
Operating System
Mac Os X by Apple
CPE Identifier
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*
Operating System
Mac Os X by Apple
CPE Identifier
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*
Operating System
M10-1 Firmware by Fujitsu
Version Range Affected
To
xcp3110
(exclusive)
CPE Identifier
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
Application
Hci Management Node by Netapp
CPE Identifier
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
Operating System
Mac Os X by Apple
CPE Identifier
cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*
Application
Solidfire by Netapp
CPE Identifier
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Operating System
M10-4 Firmware by Fujitsu
Version Range Affected
To
xcp2410
(exclusive)
CPE Identifier
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
Operating System
Mac Os X by Apple
Version Range Affected
To
10.14.6
(exclusive)
CPE Identifier
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Application
Sinec Infrastructure Network Services by Siemens
Version Range Affected
To
1.0.1.1
(exclusive)
CPE Identifier
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
Operating System
M10-4S Firmware by Fujitsu
Version Range Affected
To
xcp3110
(exclusive)
CPE Identifier
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
Operating System
Mac Os X by Apple
CPE Identifier
cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*
Operating System
Mac Os X by Apple
CPE Identifier
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*
Operating System
Mac Os X by Apple
CPE Identifier
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*
Application
Peoplesoft Enterprise Peopletools by Oracle
CPE Identifier
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
Operating System
Mac Os X by Apple
Version Range Affected
From
10.15
(inclusive)
To
10.15.7
(exclusive)
CPE Identifier
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Application
Universal Forwarder by Splunk
Version Range Affected
From
9.0.0
(inclusive)
To
9.0.6
(exclusive)
CPE Identifier
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
Operating System
Debian Linux by Debian
CPE Identifier
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Application
Communications Billing And Revenue Management by Oracle
CPE Identifier
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
Operating System
Fedora by Fedoraproject
CPE Identifier
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Operating System
M12-2S Firmware by Fujitsu
Version Range Affected
To
xcp2410
(exclusive)
CPE Identifier
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
Application
Universal Forwarder by Splunk
CPE Identifier
cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
Operating System
M12-2 Firmware by Fujitsu
Version Range Affected
To
xcp3110
(exclusive)
CPE Identifier
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
Operating System
Mac Os X by Apple
CPE Identifier
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2020-8285.html
http://seclists.org/fulldisclosure/2021/Apr/51
https://github.com/curl/curl/issues/6255
https://hackerone.com/reports/1045844
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e…
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb…
https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://security.gentoo.org/glsa/202012-14
https://security.netapp.com/advisory/ntap-20210122-0007/
https://support.apple.com/kb/HT212325
https://support.apple.com/kb/HT212326
https://support.apple.com/kb/HT212327
https://www.debian.org/security/2021/dsa-4881
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com//security-alerts/cpujul2021.html