Lucene search

[email protected]CVE-2020-8177

HistoryDec 14, 2020 - 8:15 p.m.

CVE-2020-8177

2020-12-1420:15:13

CWE-99

CWE-74

[email protected]

web.nvd.nist.gov

368

cve-2020-8177

curl vulnerability

file name restriction

local file overwrite

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.4%

JSON

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

Affected configurations

NVD

Node

haxxcurlRange7.20.0–7.70.0

Node

debiandebian_linuxMatch10.0

Node

fujitsum10-1Match-

AND

fujitsum10-1_firmwareRange<xcp2410

Node

fujitsum10-4Match-

AND

fujitsum10-4_firmwareRange<xcp2410

Node

fujitsum10-4sMatch-

AND

fujitsum10-4s_firmwareRange<xcp2410

Node

fujitsum12-1Match-

AND

fujitsum12-1_firmwareRange<xcp2410

Node

fujitsum12-2Match-

AND

fujitsum12-2_firmwareRange<xcp2410

Node

fujitsum12-2sMatch-

AND

fujitsum12-2s_firmwareRange<xcp2410

Node

fujitsum10-1Match-

AND

fujitsum10-1_firmwareRange<xcp3110

Node

fujitsum10-4_firmwareRange<xcp3110

AND

fujitsum10-4Match-

Node

fujitsum10-4s_firmwareRange<xcp3110

AND

fujitsum10-4sMatch-

Node

fujitsum12-1_firmwareRange<xcp3110

AND

fujitsum12-1Match-

Node

fujitsum12-2_firmwareRange<xcp3110

AND

fujitsum12-2Match-

Node

fujitsum12-2s_firmwareRange<xcp3110

AND

fujitsum12-2sMatch-

Node

siemenssinec_infrastructure_network_servicesRange<1.0.1.1

Node

splunkuniversal_forwarderRange8.2.0–8.2.12

splunkuniversal_forwarderRange9.0.0–9.0.6

splunkuniversal_forwarderMatch9.1.0

CPENameOperatorVersion
haxx:curlhaxx curlle7.70.0

CPE	Name	Operator	Version
haxx:curl	haxx curl	le	7.70.0

CNA Affected

[
  {
    "product": "https://github.com/curl/curl",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "curl 7.20.0 to and including 7.70.0"
      }
    ]
  }
]