CVE-2020-8177

Description

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used.

Risk Information

Base Score: 7.8 MODERATE
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.021

Associated Vulnerability

Vulnerability | OS Platform
Vulnerability CVE-2020-8169,CVE-2020-8177 are affected in Curl For Windows 7.70.0 | Windows
Vulnerabilities CVE-2020-8177,CVE-2020-8169 are fixed in Curl For Windows 7.71.0 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 10.5 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 10.6 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.1 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.2 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.3 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.0 | Windows
SUSE-SU-2020:1735-1 (SUSE Linux Enterprise Server 12-SP4) curl-7.60.0-4.15.2.x86_64.rpm | Linux
SUSE-SU-2020:1735-1 (SUSE Linux Enterprise Server 12-SP4) curl-debuginfo-7.60.0-4.15.2.x86_64.rpm | Linux
SUSE-SU-2020:1735-1 (SUSE Linux Enterprise Server 12-SP4) curl-debugsource-7.60.0-4.15.2.x86_64.rpm | Linux
SUSE-SU-2020:1735-1 (SUSE Linux Enterprise Server 12-SP4) libcurl4-7.60.0-4.15.2.x86_64.rpm | Linux
SUSE-SU-2020:1735-1 (SUSE Linux Enterprise Server 12-SP4) libcurl4-32bit-7.60.0-4.15.2.x86_64.rpm | Linux
SUSE-SU-2020:1735-1 (SUSE Linux Enterprise Server 12-SP4) libcurl4-debuginfo-7.60.0-4.15.2.x86_64.rpm | Linux
SUSE-SU-2020:1735-1 (SUSE Linux Enterprise Server 12-SP4) libcurl4-debuginfo-32bit-7.60.0-4.15.2.x86_64.rpm | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) curl_7.58.0-2ubuntu3.9_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) curl_7.58.0-2ubuntu3.9_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) curl_7.65.3-1ubuntu3.1_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) curl_7.65.3-1ubuntu3.1_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) curl_7.68.0-1ubuntu2.1_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) curl_7.68.0-1ubuntu2.1_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) curl_7.47.0-1ubuntu2.15_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) curl_7.47.0-1ubuntu2.15_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3_7.47.0-1ubuntu2.15_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3_7.47.0-1ubuntu2.15_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl4_7.58.0-2ubuntu3.9_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl4_7.58.0-2ubuntu3.9_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl4_7.65.3-1ubuntu3.1_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl4_7.65.3-1ubuntu3.1_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl4_7.68.0-1ubuntu2.1_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl4_7.68.0-1ubuntu2.1_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3-nss_7.58.0-2ubuntu3.9_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3-nss_7.58.0-2ubuntu3.9_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3-nss_7.65.3-1ubuntu3.1_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3-nss_7.65.3-1ubuntu3.1_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3-nss_7.68.0-1ubuntu2.1_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3-nss_7.68.0-1ubuntu2.1_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3-nss_7.47.0-1ubuntu2.15_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3-nss_7.47.0-1ubuntu2.15_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3-gnutls_7.58.0-2ubuntu3.9_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3-gnutls_7.58.0-2ubuntu3.9_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3-gnutls_7.65.3-1ubuntu3.1_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3-gnutls_7.65.3-1ubuntu3.1_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3-gnutls_7.68.0-1ubuntu2.1_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3-gnutls_7.68.0-1ubuntu2.1_amd64.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3-gnutls_7.47.0-1ubuntu2.15_i386.deb | Linux
HTTP, HTTPS, and FTP client and client libraries (USN-4402-1) libcurl3-gnutls_7.47.0-1ubuntu2.15_amd64.deb | Linux
(RHSA-2020:4599) curl security and bug fix update curl-7.61.1-14.el8.x86_64.rpm | Linux
(RHSA-2020:4599) curl security and bug fix update curl-debugsource-7.61.1-14.el8.i686.rpm | Linux
(RHSA-2020:4599) curl security and bug fix update curl-debugsource-7.61.1-14.el8.x86_64.rpm | Linux
(RHSA-2020:4599) curl security and bug fix update libcurl-7.61.1-14.el8.i686.rpm | Linux
(RHSA-2020:4599) curl security and bug fix update libcurl-7.61.1-14.el8.x86_64.rpm | Linux
(RHSA-2020:4599) curl security and bug fix update libcurl-devel-7.61.1-14.el8.i686.rpm | Linux
(RHSA-2020:4599) curl security and bug fix update libcurl-devel-7.61.1-14.el8.x86_64.rpm | Linux
(RHSA-2020:4599) curl security and bug fix update libcurl-minimal-7.61.1-14.el8.i686.rpm | Linux
(RHSA-2020:4599) curl security and bug fix update libcurl-minimal-7.61.1-14.el8.x86_64.rpm | Linux
(RHSA-2020:5002) curl security update curl-7.29.0-59.el7_9.1.x86_64.rpm | Linux
(RHSA-2020:5002) curl security update libcurl-7.29.0-59.el7_9.1.i686.rpm | Linux
(RHSA-2020:5002) curl security update libcurl-7.29.0-59.el7_9.1.x86_64.rpm | Linux
(RHSA-2020:5002) curl security update libcurl-devel-7.29.0-59.el7_9.1.i686.rpm | Linux
(RHSA-2020:5002) curl security update libcurl-devel-7.29.0-59.el7_9.1.x86_64.rpm | Linux
Curl update (ELSA-2020-5002) curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux
Libcurl update (ELSA-2020-5002) libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux
Libcurl-devel update (ELSA-2020-5002) libcurl-devel-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux
Libcurl update (ELSA-2020-5002) libcurl-7.29.0-59.0.1.el7_9.1.i686.rpm | Linux
Libcurl-devel update (ELSA-2020-5002) libcurl-devel-7.29.0-59.0.1.el7_9.1.i686.rpm | Linux
curl security update (DSA-4881-1) curl_7.64.0-4+deb10u2_i386.deb | Linux
curl security update (DSA-4881-1) curl_7.64.0-4+deb10u2_amd64.deb | Linux
(CESA-2020:5002) curl security update libcurl-7.29.0-59.el7_9.1.i686.rpm | Linux
(CESA-2020:5002) curl security update libcurl-devel-7.29.0-59.el7_9.1.i686.rpm | Linux
(CESA-2020:5002) curl security update curl-7.29.0-59.el7_9.1.x86_64.rpm | Linux
(CESA-2020:5002) curl security update libcurl-7.29.0-59.el7_9.1.x86_64.rpm | Linux
(CESA-2020:5002) curl security update libcurl-devel-7.29.0-59.el7_9.1.x86_64.rpm | Linux
Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability (CVE-2020-8177) | NCM
