fkie_cve-2020-8177
Vulnerability from fkie_nvd
Published
2020-12-14 20:15
Modified
2024-11-21 05:38
Severity ?
Summary
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | curl | * | |
| debian | debian_linux | 10.0 | |
| fujitsu | m10-1_firmware | * | |
| fujitsu | m10-1 | - | |
| fujitsu | m10-4_firmware | * | |
| fujitsu | m10-4 | - | |
| fujitsu | m10-4s_firmware | * | |
| fujitsu | m10-4s | - | |
| fujitsu | m12-1_firmware | * | |
| fujitsu | m12-1 | - | |
| fujitsu | m12-2_firmware | * | |
| fujitsu | m12-2 | - | |
| fujitsu | m12-2s_firmware | * | |
| fujitsu | m12-2s | - | |
| fujitsu | m10-1_firmware | * | |
| fujitsu | m10-1 | - | |
| fujitsu | m10-4_firmware | * | |
| fujitsu | m10-4 | - | |
| fujitsu | m10-4s_firmware | * | |
| fujitsu | m10-4s | - | |
| fujitsu | m12-1_firmware | * | |
| fujitsu | m12-1 | - | |
| fujitsu | m12-2_firmware | * | |
| fujitsu | m12-2 | - | |
| fujitsu | m12-2s_firmware | * | |
| fujitsu | m12-2s | - | |
| siemens | sinec_infrastructure_network_services | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", matchCriteriaId: "3B70F283-7175-49BD-B02A-A18762C2DD6E", versionEndIncluding: "7.70.0", versionStartIncluding: "7.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5E63B7B2-409A-476E-BA12-2A2D2F3B85DE", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ADB5D4C9-DA14-4188-9181-17336F9445F6", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0B65E2F3-57EC-46C0-BB4A-0A0F3F8D387E", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90B7CFBF-761C-4EAA-A322-EF5E294AADED", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48B28ABF-7E1A-4A1E-8F78-0D95D7BDF886", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E74AAF52-1388-4BD9-B17B-3A6A32CA3608", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A107698C-9C63-44A9-8A2B-81EDD5702B4C", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0FC0460E-4695-44FB-99EE-28B2C957B760", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BD54A092-85A7-4459-9C69-19E6E24AC24B", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F813DBC-BA1E-4C73-AA11-1BD3F9508372", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EFDF4F39-1C6C-4AD3-99CF-BD5B44B8C71B", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "416B805F-799A-4466-AC5A-93D083A2ABBD", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B0F46497-4AB0-49A7-9453-CC26837BF253", versionEndExcluding: "1.0.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.", }, { lang: "es", value: "curl versiones 7.20.0 hasta 7.70.0, es vulnerable a una restricción inapropiada de nombres para archivos y otros recursos que pueden conllevar a sobrescribir demasiado un archivo local cuando el flag -J es usado", }, ], id: "CVE-2020-8177", lastModified: "2024-11-21T05:38:26.703", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-14T20:15:13.497", references: [ { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://curl.se/docs/CVE-2020-8177.html", }, { source: "support@hackerone.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/887462", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4881", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://curl.se/docs/CVE-2020-8177.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/887462", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4881", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-99", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.