CVE-2020-8284
Description
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and in this way potentially make curl extract information about services that are otherwise private and not disclosed, for example by port scanning and extracting service banners.
Risk Information
Base Score
3.7
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.104
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Curl For Windows 7.73.0 is affected by vulnerability CVE-2020-8284 | Windows |
| Vulnerabilities CVE-2020-8286, CVE-2020-8285, CVE-2020-8284 are fixed in Curl For Windows 7.74.0 | Windows |
| IBM MQ 9.0 is affected by multiple vulnerabilities | Windows |
| IBM MQ 9.1 is affected by multiple vulnerabilities | Windows |
| IBM MQ 9.2 is affected by multiple vulnerabilities | Windows |
| Multiple vulnerabilities are fixed in MacOS Big Sur 11.3 - Software Update | Mac |
| Multiple vulnerabilities are fixed in MacOS Big Sur 11.3.1 - Software Update | Mac |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) curl_7.68.0-1ubuntu2.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) curl_7.68.0-1ubuntu2.4_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) curl_7.68.0-1ubuntu4.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) curl_7.68.0-1ubuntu4.2_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) curl_7.47.0-1ubuntu2.18_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) curl_7.47.0-1ubuntu2.18_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) curl_7.58.0-2ubuntu3.12_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) curl_7.58.0-2ubuntu3.12_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3_7.47.0-1ubuntu2.18_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3_7.47.0-1ubuntu2.18_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl4_7.68.0-1ubuntu2.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl4_7.68.0-1ubuntu2.4_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl4_7.68.0-1ubuntu4.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl4_7.68.0-1ubuntu4.2_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl4_7.58.0-2ubuntu3.12_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl4_7.58.0-2ubuntu3.12_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-nss_7.68.0-1ubuntu2.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-nss_7.68.0-1ubuntu2.4_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-nss_7.68.0-1ubuntu4.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-nss_7.68.0-1ubuntu4.2_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-nss_7.47.0-1ubuntu2.18_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-nss_7.47.0-1ubuntu2.18_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-nss_7.58.0-2ubuntu3.12_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-nss_7.58.0-2ubuntu3.12_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-gnutls_7.68.0-1ubuntu2.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-gnutls_7.68.0-1ubuntu2.4_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-gnutls_7.68.0-1ubuntu4.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-gnutls_7.68.0-1ubuntu4.2_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-gnutls_7.47.0-1ubuntu2.18_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-gnutls_7.47.0-1ubuntu2.18_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-gnutls_7.58.0-2ubuntu3.12_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-gnutls_7.58.0-2ubuntu3.12_amd64.deb | Linux |
| SUSE-SU-2020:3739-1 (SUSE Linux Enterprise Server 12-SP5) curl-7.60.0-11.9.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3739-1 (SUSE Linux Enterprise Server 12-SP5) curl-debuginfo-7.60.0-11.9.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3739-1 (SUSE Linux Enterprise Server 12-SP5) curl-debugsource-7.60.0-11.9.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3739-1 (SUSE Linux Enterprise Server 12-SP5) libcurl4-7.60.0-11.9.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3739-1 (SUSE Linux Enterprise Server 12-SP5) libcurl4-32bit-7.60.0-11.9.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3739-1 (SUSE Linux Enterprise Server 12-SP5) libcurl4-debuginfo-7.60.0-11.9.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3739-1 (SUSE Linux Enterprise Server 12-SP5) libcurl4-debuginfo-32bit-7.60.0-11.9.1.x86_64.rpm | Linux |
| curl security update (DSA-4881-1) curl_7.64.0-4+deb10u2_i386.deb | Linux |
| curl security update (DSA-4881-1) curl_7.64.0-4+deb10u2_amd64.deb | Linux |
| (RHSA-2021:1610) curl security and bug fix update curl-7.61.1-18.el8.x86_64.rpm | Linux |
| (RHSA-2021:1610) curl security and bug fix update curl-debugsource-7.61.1-18.el8.i686.rpm | Linux |
| (RHSA-2021:1610) curl security and bug fix update curl-debugsource-7.61.1-18.el8.x86_64.rpm | Linux |
| (RHSA-2021:1610) curl security and bug fix update libcurl-7.61.1-18.el8.i686.rpm | Linux |
| (RHSA-2021:1610) curl security and bug fix update libcurl-7.61.1-18.el8.x86_64.rpm | Linux |
| (RHSA-2021:1610) curl security and bug fix update libcurl-devel-7.61.1-18.el8.i686.rpm | Linux |
| (RHSA-2021:1610) curl security and bug fix update libcurl-devel-7.61.1-18.el8.x86_64.rpm | Linux |
| (RHSA-2021:1610) curl security and bug fix update libcurl-minimal-7.61.1-18.el8.i686.rpm | Linux |
| (RHSA-2021:1610) curl security and bug fix update libcurl-minimal-7.61.1-18.el8.x86_64.rpm | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-2) curl_7.22.0-3ubuntu4.29_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-2) curl_7.22.0-3ubuntu4.29_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-2) libcurl3_7.22.0-3ubuntu4.29_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-2) libcurl3_7.22.0-3ubuntu4.29_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-2) libcurl3-nss_7.22.0-3ubuntu4.29_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-2) libcurl3-nss_7.22.0-3ubuntu4.29_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-2) libcurl3-gnutls_7.22.0-3ubuntu4.29_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-2) libcurl3-gnutls_7.22.0-3ubuntu4.29_amd64.deb | Linux |
| CVE-2020-8284 | NCM |
Patch Details
| Patch ID | Patch Description |
|---|---|
| PATCH-605752 | MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064) |