Multiple vulnerabilities were discovered in cURL, an URL transfer library :

  - CVE-2020-8169     Marek Szlagor reported that libcurl could be tricked     into prepending a part of the password to the host name     before it resolves it, potentially leaking the partial     password over the network and to the DNS server(s).

  - CVE-2020-8177     sn reported that curl could be tricked by a malicious     server into overwriting a local file when using the -J     (--remote-header-name) and -i (--include) options in the     same command line.

  - CVE-2020-8231     Marc Aldorasi reported that libcurl might use the wrong     connection when an application using libcurl's multi API     sets the option CURLOPT_CONNECT_ONLY, which could lead     to information leaks.

  - CVE-2020-8284     Varnavas Papaioannou reported that a malicious server     could use the PASV response to trick curl into     connecting back to an arbitrary IP address and port,     potentially making curl extract information about     services that are otherwise private and not disclosed.

  - CVE-2020-8285     xnynx reported that libcurl could run out of stack space     when using the FTP wildcard matching functionality     (CURLOPT_CHUNK_BGN_FUNCTION).

  - CVE-2020-8286     It was reported that libcurl didn't verify that an OCSP     response actually matches the certificate it is intended     to.

  - CVE-2021-22876     Viktor Szakats reported that libcurl does not strip off     user credentials from the URL when automatically     populating the Referer HTTP request header field in     outgoing HTTP requests.

  - CVE-2021-22890     Mingtao Yang reported that, when using an HTTPS proxy     and TLS 1.3, libcurl could confuse session tickets     arriving from the HTTPS proxy as if they arrived from     the remote server instead. This could allow an HTTPS     proxy to trick libcurl into using the wrong session     ticket for the host and thereby circumvent the server     TLS certificate check.

Detections

Analytics

Debian DSA-4881-1 : curl - security update

high Nessus Plugin ID 148277

Version 1.11

Version 1.10

Version 1.9

Version 1.7

Version 1.11 Jan 16, 2024, 3:43 PM CVSSv3 score source (set to "CVE-2020-8177") Plugin Feed: 202401161543
Version 1.10 Jan 16, 2024, 1:47 PM CVSSv3 score source (set to "CVE-2020-8177") Plugin Feed: 202401161347
Version 1.9 Jan 8, 2024, 2:53 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv3 score source (set to "CVE-2020-8177") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202401081453
Version 1.7 Dec 6, 2022, 2:54 AM Reference Plugin Feed: 202212060254