CVE-2020-8286
Description
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
Risk Information
Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score (Exploitation Probability): 0.384
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-8285, CVE-2020-8286 are affected in Curl For Windows 7.73.0 | Windows |
| Vulnerabilities CVE-2020-8286, CVE-2020-8285, CVE-2020-8284 are fixed in Curl For Windows 7.74.0 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58 | Windows |
| Multiple vulnerabilities are fixed in MacOS Big Sur 11.3 - Software Update | Mac |
| Multiple vulnerabilities are fixed in MacOS Big Sur 11.3.1 - Software Update | Mac |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) curl_7.68.0-1ubuntu2.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) curl_7.68.0-1ubuntu2.4_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) curl_7.68.0-1ubuntu4.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) curl_7.68.0-1ubuntu4.2_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) curl_7.47.0-1ubuntu2.18_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) curl_7.47.0-1ubuntu2.18_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) curl_7.58.0-2ubuntu3.12_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) curl_7.58.0-2ubuntu3.12_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3_7.47.0-1ubuntu2.18_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3_7.47.0-1ubuntu2.18_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl4_7.68.0-1ubuntu2.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl4_7.68.0-1ubuntu2.4_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl4_7.68.0-1ubuntu4.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl4_7.68.0-1ubuntu4.2_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl4_7.58.0-2ubuntu3.12_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl4_7.58.0-2ubuntu3.12_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-nss_7.68.0-1ubuntu2.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-nss_7.68.0-1ubuntu2.4_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-nss_7.68.0-1ubuntu4.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-nss_7.68.0-1ubuntu4.2_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-nss_7.47.0-1ubuntu2.18_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-nss_7.47.0-1ubuntu2.18_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-nss_7.58.0-2ubuntu3.12_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-nss_7.58.0-2ubuntu3.12_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-gnutls_7.68.0-1ubuntu2.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-gnutls_7.68.0-1ubuntu2.4_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-gnutls_7.68.0-1ubuntu4.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-gnutls_7.68.0-1ubuntu4.2_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-gnutls_7.47.0-1ubuntu2.18_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-gnutls_7.47.0-1ubuntu2.18_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-gnutls_7.58.0-2ubuntu3.12_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-4665-1) libcurl3-gnutls_7.58.0-2ubuntu3.12_amd64.deb | Linux |
| SUSE-SU-2020:3739-1 (SUSE Linux Enterprise Server 12-SP5) curl-7.60.0-11.9.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3739-1 (SUSE Linux Enterprise Server 12-SP5) curl-debuginfo-7.60.0-11.9.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3739-1 (SUSE Linux Enterprise Server 12-SP5) curl-debugsource-7.60.0-11.9.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3739-1 (SUSE Linux Enterprise Server 12-SP5) libcurl4-7.60.0-11.9.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3739-1 (SUSE Linux Enterprise Server 12-SP5) libcurl4-32bit-7.60.0-11.9.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3739-1 (SUSE Linux Enterprise Server 12-SP5) libcurl4-debuginfo-7.60.0-11.9.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3739-1 (SUSE Linux Enterprise Server 12-SP5) libcurl4-debuginfo-32bit-7.60.0-11.9.1.x86_64.rpm | Linux |
| curl security update (DSA-4881-1) curl_7.64.0-4+deb10u2_i386.deb | Linux |
| curl security update (DSA-4881-1) curl_7.64.0-4+deb10u2_amd64.deb | Linux |
| (RHSA-2021:1610) curl security and bug fix update curl-7.61.1-18.el8.x86_64.rpm | Linux |
| (RHSA-2021:1610) curl security and bug fix update curl-debugsource-7.61.1-18.el8.i686.rpm | Linux |
| (RHSA-2021:1610) curl security and bug fix update curl-debugsource-7.61.1-18.el8.x86_64.rpm | Linux |
| (RHSA-2021:1610) curl security and bug fix update libcurl-7.61.1-18.el8.i686.rpm | Linux |
| (RHSA-2021:1610) curl security and bug fix update libcurl-7.61.1-18.el8.x86_64.rpm | Linux |
| (RHSA-2021:1610) curl security and bug fix update libcurl-devel-7.61.1-18.el8.i686.rpm | Linux |
| (RHSA-2021:1610) curl security and bug fix update libcurl-devel-7.61.1-18.el8.x86_64.rpm | Linux |
| (RHSA-2021:1610) curl security and bug fix update libcurl-minimal-7.61.1-18.el8.i686.rpm | Linux |
| (RHSA-2021:1610) curl security and bug fix update libcurl-minimal-7.61.1-18.el8.x86_64.rpm | Linux |
| Improper Certificate Validation Vulnerability (CVE-2020-8286) | NCM |
Patch Details
| Patch ID | Patch Description |
|---|---|
| PATCH-605752 | MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064) |