CVE-2020-8231

Severity

Theme

CVE-2020-8231

high

New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

References

https://hackerone.com/reports/948876

https://curl.haxx.se/docs/CVE-2020-8231.html

https://security.gentoo.org/glsa/202012-14

https://www.debian.org/security/2021/dsa-4881

https://lists.apache.org/thread.html/[email protected]%3Cissues.bookkeeper.apache.org%3E

Details

Source: MITRE

Published: 2020-12-14

Updated: 2021-06-29

Type: CWE-416

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:* versions from 7.29.0 to 7.71.1 (inclusive)

Tenable Plugins

View all (34 total)

ID	Name	Product	Family	Severity
152237	Amazon Linux 2 : curl (ALAS-2021-1693)	Nessus	Amazon Linux Local Security Checks	high
151421	EulerOS Virtualization 3.0.2.2 : curl (EulerOS-SA-2021-2132)	Nessus	Huawei Local Security Checks	high
151350	EulerOS Virtualization for ARM 64 3.0.2.0 : curl (EulerOS-SA-2021-2101)	Nessus	Huawei Local Security Checks	high
150677	SUSE SLES11 Security Update : curl (SUSE-SU-2020:14481-1)	Nessus	SuSE Local Security Checks	high
150083	SUSE SLES12 Security Update : curl (SUSE-SU-2021:1786-1)	Nessus	SuSE Local Security Checks	critical
149932	Oracle Linux 8 : curl (ELSA-2021-1610)	Nessus	Oracle Linux Local Security Checks	high
149767	CentOS 8 : curl (CESA-2021:1610)	Nessus	CentOS Local Security Checks	high
149676	RHEL 8 : curl (RHSA-2021:1610)	Nessus	Red Hat Local Security Checks	high
148277	Debian DSA-4881-1 : curl - security update	Nessus	Debian Local Security Checks	medium
147561	EulerOS Virtualization 3.0.6.6 : curl (EulerOS-SA-2021-1466)	Nessus	Huawei Local Security Checks	high
147470	EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2021-1596)	Nessus	Huawei Local Security Checks	high
144598	GLSA-202012-14 : cURL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
144011	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : curl vulnerabilities (USN-4665-1)	Nessus	Ubuntu Local Security Checks	high
142984	Amazon Linux AMI : curl (ALAS-2020-1444)	Nessus	Amazon Linux Local Security Checks	high
142287	EulerOS 2.0 SP2 : curl (EulerOS-SA-2020-2337)	Nessus	Huawei Local Security Checks	high
142061	EulerOS 2.0 SP5 : curl (EulerOS-SA-2020-2279)	Nessus	Huawei Local Security Checks	high
140979	EulerOS Virtualization for ARM 64 3.0.6.0 : curl (EulerOS-SA-2020-2031)	Nessus	Huawei Local Security Checks	high
140828	EulerOS 2.0 SP3 : curl (EulerOS-SA-2020-2061)	Nessus	Huawei Local Security Checks	high
140808	Debian DLA-2382-1 : curl security update	Nessus	Debian Local Security Checks	high
140726	openSUSE Security Update : curl (openSUSE-2020-1494)	Nessus	SuSE Local Security Checks	high
140372	openSUSE Security Update : curl (openSUSE-2020-1359)	Nessus	SuSE Local Security Checks	high
140368	openSUSE Security Update : curl (openSUSE-2020-1345)	Nessus	SuSE Local Security Checks	high
140251	SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2020:2446-1)	Nessus	SuSE Local Security Checks	high
140250	SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2020:2445-1)	Nessus	SuSE Local Security Checks	high
140249	SUSE SLES12 Security Update : curl (SUSE-SU-2020:2444-1)	Nessus	SuSE Local Security Checks	high
140227	Fedora 31 : curl (2020-126a0dd319)	Nessus	Fedora Local Security Checks	high
139945	EulerOS 2.0 SP8 : curl (EulerOS-SA-2020-1842)	Nessus	Huawei Local Security Checks	high
139737	Fedora 32 : curl (2020-da832cb434)	Nessus	Fedora Local Security Checks	high
139729	Photon OS 3.0: Curl PHSA-2020-3.0-0129	Nessus	PhotonOS Local Security Checks	high
139728	Photon OS 2.0: Curl PHSA-2020-2.0-0273	Nessus	PhotonOS Local Security Checks	high
139724	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : curl vulnerability (USN-4466-1)	Nessus	Ubuntu Local Security Checks	high
139719	Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2020-232-01)	Nessus	Slackware Local Security Checks	high
139715	FreeBSD : curl -- expired pointer dereference vulnerability (b905dff4-e227-11ea-b0ea-08002728f74c)	Nessus	FreeBSD Local Security Checks	high
139702	Photon OS 1.0: Curl PHSA-2020-1.0-0315	Nessus	PhotonOS Local Security Checks	high

CVE-2020-8231

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

critical

high

high

high

medium

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high