CVE-2020-8177

high

Description

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used.

References

https://curl.se/docs/CVE-2020-8177.html

https://hackerone.com/reports/887462

https://www.debian.org/security/2021/dsa-4881

Details

Source: MITRE

Published: 2020-12-14

Updated: 2021-04-01

Type: CWE-74

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 7.1

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Impact Score: 5.2

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* versions from 7.62.0 to 7.70.0 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 151421 | EulerOS Virtualization 3.0.2.2 : curl (EulerOS-SA-2021-2132) | Nessus | Huawei Local Security Checks | high |
| 150606 | SUSE SLES11 Security Update : curl (SUSE-SU-2020:14409-1) | Nessus | SuSE Local Security Checks | high |
| 148277 | Debian DSA-4881-1 : curl - security update | Nessus | Debian Local Security Checks | medium |
| 147470 | EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2021-1596) | Nessus | Huawei Local Security Checks | high |
| 147398 | NewStart CGSL CORE 5.04 / MAIN 5.04 : curl Multiple Vulnerabilities (NS-SA-2021-0018) | Nessus | NewStart CGSL Local Security Checks | critical |
| 147334 | NewStart CGSL MAIN 6.02 : curl Vulnerability (NS-SA-2021-0067) | Nessus | NewStart CGSL Local Security Checks | high |
| 145987 | CentOS 8 : curl (CESA-2020:4599) | Nessus | CentOS Local Security Checks | high |
| 144436 | Virtuozzo 7 : curl / libcurl / libcurl-devel (VZLSA-2020-5002) | Nessus | Virtuozzo Local Security Checks | high |
| 144389 | RHEL 8 : curl (RHSA-2020:5417) | Nessus | Red Hat Local Security Checks | high |
| 143057 | CentOS 7 : curl (CESA-2020:5002) | Nessus | CentOS Local Security Checks | high |
| 142799 | Oracle Linux 7 : curl (ELSA-2020-5002) | Nessus | Oracle Linux Local Security Checks | high |
| 142754 | Oracle Linux 8 : curl (ELSA-2020-4599) | Nessus | Oracle Linux Local Security Checks | high |
| 142705 | RHEL 7 : curl (RHSA-2020:5002) | Nessus | Red Hat Local Security Checks | high |
| 142508 | EulerOS Virtualization 3.0.6.6 : curl (EulerOS-SA-2020-2456) | Nessus | Huawei Local Security Checks | high |
| 142414 | RHEL 8 : curl (RHSA-2020:4599) | Nessus | Red Hat Local Security Checks | high |
| 142287 | EulerOS 2.0 SP2 : curl (EulerOS-SA-2020-2337) | Nessus | Huawei Local Security Checks | high |
| 140828 | EulerOS 2.0 SP3 : curl (EulerOS-SA-2020-2061) | Nessus | Huawei Local Security Checks | high |
| 140331 | EulerOS Virtualization for ARM 64 3.0.2.0 : curl (EulerOS-SA-2020-1961) | Nessus | Huawei Local Security Checks | high |
| 140156 | EulerOS 2.0 SP5 : curl (EulerOS-SA-2020-1935) | Nessus | Huawei Local Security Checks | high |
| 140010 | EulerOS Virtualization for ARM 64 3.0.6.0 : curl (EulerOS-SA-2020-1907) | Nessus | Huawei Local Security Checks | high |
| 139346 | Fedora 32 : mingw-curl (2020-ad05132742) | Nessus | Fedora Local Security Checks | high |
| 139126 | EulerOS 2.0 SP8 : curl (EulerOS-SA-2020-1796) | Nessus | Huawei Local Security Checks | high |
| 139095 | Debian DLA-2295-1 : curl security update | Nessus | Debian Local Security Checks | high |
| 139091 | Amazon Linux AMI : curl (ALAS-2020-1411) | Nessus | Amazon Linux Local Security Checks | high |
| 138939 | GLSA-202007-16 : cURL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 138715 | openSUSE Security Update : curl (openSUSE-2020-908) | Nessus | SuSE Local Security Checks | high |
| 138708 | openSUSE Security Update : curl (openSUSE-2020-883) | Nessus | SuSE Local Security Checks | high |
| 138617 | Amazon Linux 2 : curl (ALAS-2020-1451) | Nessus | Amazon Linux Local Security Checks | high |
| 138374 | Red Hat curl local file overwrite (CVE-2020-8177) (deprecated) | Nessus | Red Hat Local Security Checks | medium |
| 138366 | Fedora 31 : curl (2020-55f1f7cb13) | Nessus | Fedora Local Security Checks | high |
| 138303 | SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2020:1773-1) | Nessus | SuSE Local Security Checks | high |
| 138293 | SUSE SLES12 Security Update : curl (SUSE-SU-2020:1735-1) | Nessus | SuSE Local Security Checks | high |
| 138292 | SUSE SLES12 Security Update : curl (SUSE-SU-2020:1734-1) | Nessus | SuSE Local Security Checks | high |
| 138291 | SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2020:1733-1) | Nessus | SuSE Local Security Checks | high |
| 138290 | SUSE SLES12 Security Update : curl (SUSE-SU-2020:1732-1) | Nessus | SuSE Local Security Checks | high |
| 137875 | Photon OS 1.0: Curl PHSA-2020-1.0-0304 | Nessus | PhotonOS Local Security Checks | high |
| 137873 | Photon OS 2.0: Curl PHSA-2020-2.0-0255 | Nessus | PhotonOS Local Security Checks | high |
| 137866 | Fedora 32 : curl (2020-6af1dd2936) | Nessus | Fedora Local Security Checks | high |
| 137824 | Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : curl vulnerabilities (USN-4402-1) | Nessus | Ubuntu Local Security Checks | high |
| 137822 | Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2020-176-01) | Nessus | Slackware Local Security Checks | high |
| 137792 | FreeBSD : curl -- multiple vulnerabilities (6bff5ca6-b61a-11ea-aef4-08002728f74c) | Nessus | FreeBSD Local Security Checks | high |
| 137779 | Photon OS 3.0: Curl PHSA-2020-3.0-0106 | Nessus | PhotonOS Local Security Checks | high |