Vulnerability Details CVE-2020-8177
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://curl.se/docs/CVE-2020-8177.html
- https://hackerone.com/reports/887462
- https://www.debian.org/security/2021/dsa-4881
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://curl.se/docs/CVE-2020-8177.html
- https://hackerone.com/reports/887462
- https://www.debian.org/security/2021/dsa-4881
- https://www.oracle.com/security-alerts/cpujan2022.html
Products affected by CVE-2020-8177
-
cpe:2.3:a:haxx:curl:7.20.0
-
cpe:2.3:a:haxx:curl:7.20.1
-
cpe:2.3:a:haxx:curl:7.21.0
-
cpe:2.3:a:haxx:curl:7.21.1
-
cpe:2.3:a:haxx:curl:7.21.2
-
cpe:2.3:a:haxx:curl:7.21.3
-
cpe:2.3:a:haxx:curl:7.21.4
-
cpe:2.3:a:haxx:curl:7.21.5
-
cpe:2.3:a:haxx:curl:7.21.6
-
cpe:2.3:a:haxx:curl:7.21.7
-
cpe:2.3:a:haxx:curl:7.22.0
-
cpe:2.3:a:haxx:curl:7.23.0
-
cpe:2.3:a:haxx:curl:7.23.1
-
cpe:2.3:a:haxx:curl:7.24.0
-
cpe:2.3:a:haxx:curl:7.25.0
-
cpe:2.3:a:haxx:curl:7.26.0
-
cpe:2.3:a:haxx:curl:7.27.0
-
cpe:2.3:a:haxx:curl:7.28.0
-
cpe:2.3:a:haxx:curl:7.28.1
-
cpe:2.3:a:haxx:curl:7.29.0
-
cpe:2.3:a:haxx:curl:7.30.0
-
cpe:2.3:a:haxx:curl:7.31.0
-
cpe:2.3:a:haxx:curl:7.32.0
-
cpe:2.3:a:haxx:curl:7.33.0
-
cpe:2.3:a:haxx:curl:7.34.0
-
cpe:2.3:a:haxx:curl:7.35.0
-
cpe:2.3:a:haxx:curl:7.36.0
-
cpe:2.3:a:haxx:curl:7.37.0
-
cpe:2.3:a:haxx:curl:7.37.1
-
cpe:2.3:a:haxx:curl:7.38.0
-
cpe:2.3:a:haxx:curl:7.39.0
-
cpe:2.3:a:haxx:curl:7.40.0
-
cpe:2.3:a:haxx:curl:7.41.0
-
cpe:2.3:a:haxx:curl:7.42.0
-
cpe:2.3:a:haxx:curl:7.42.1
-
cpe:2.3:a:haxx:curl:7.43.0
-
cpe:2.3:a:haxx:curl:7.44.0
-
cpe:2.3:a:haxx:curl:7.45.0
-
cpe:2.3:a:haxx:curl:7.46.0
-
cpe:2.3:a:haxx:curl:7.47.0
-
cpe:2.3:a:haxx:curl:7.47.1
-
cpe:2.3:a:haxx:curl:7.48.0
-
cpe:2.3:a:haxx:curl:7.49.0
-
cpe:2.3:a:haxx:curl:7.49.1
-
cpe:2.3:a:haxx:curl:7.50.0
-
cpe:2.3:a:haxx:curl:7.50.1
-
cpe:2.3:a:haxx:curl:7.50.2
-
cpe:2.3:a:haxx:curl:7.50.3
-
cpe:2.3:a:haxx:curl:7.51.0
-
cpe:2.3:a:haxx:curl:7.52.0
-
cpe:2.3:a:haxx:curl:7.52.1
-
cpe:2.3:a:haxx:curl:7.53.0
-
cpe:2.3:a:haxx:curl:7.53.1
-
cpe:2.3:a:haxx:curl:7.54.0
-
cpe:2.3:a:haxx:curl:7.54.1
-
cpe:2.3:a:haxx:curl:7.55.0
-
cpe:2.3:a:haxx:curl:7.55.1
-
cpe:2.3:a:haxx:curl:7.56.0
-
cpe:2.3:a:haxx:curl:7.56.1
-
cpe:2.3:a:haxx:curl:7.57.0
-
cpe:2.3:a:haxx:curl:7.58.0
-
cpe:2.3:a:haxx:curl:7.59.0
-
cpe:2.3:a:haxx:curl:7.60.0
-
cpe:2.3:a:haxx:curl:7.61.0
-
cpe:2.3:a:haxx:curl:7.61.1
-
cpe:2.3:a:haxx:curl:7.62.0
-
cpe:2.3:a:haxx:curl:7.63.0
-
cpe:2.3:a:haxx:curl:7.64.0
-
cpe:2.3:a:haxx:curl:7.64.1
-
cpe:2.3:a:haxx:curl:7.65.0
-
cpe:2.3:a:haxx:curl:7.65.1
-
cpe:2.3:a:haxx:curl:7.65.2
-
cpe:2.3:a:haxx:curl:7.65.3
-
cpe:2.3:a:haxx:curl:7.66.0
-
cpe:2.3:a:haxx:curl:7.67.0
-
cpe:2.3:a:haxx:curl:7.68.0
-
cpe:2.3:a:haxx:curl:7.69.0
-
cpe:2.3:a:haxx:curl:7.69.1
-
cpe:2.3:a:haxx:curl:7.70.0
-
cpe:2.3:a:siemens:sinec_infrastructure_network_services:-
-
cpe:2.3:a:siemens:sinec_infrastructure_network_services:1.0.1
-
cpe:2.3:a:splunk:universal_forwarder:8.2.0
-
cpe:2.3:a:splunk:universal_forwarder:8.2.10
-
cpe:2.3:a:splunk:universal_forwarder:8.2.11
-
cpe:2.3:a:splunk:universal_forwarder:8.2.6
-
cpe:2.3:a:splunk:universal_forwarder:8.2.7
-
cpe:2.3:a:splunk:universal_forwarder:8.2.8
-
cpe:2.3:a:splunk:universal_forwarder:8.2.9
-
cpe:2.3:a:splunk:universal_forwarder:9.0.0
-
cpe:2.3:a:splunk:universal_forwarder:9.0.1
-
cpe:2.3:a:splunk:universal_forwarder:9.0.2
-
cpe:2.3:a:splunk:universal_forwarder:9.0.3
-
cpe:2.3:a:splunk:universal_forwarder:9.0.4
-
cpe:2.3:a:splunk:universal_forwarder:9.0.5
-
cpe:2.3:a:splunk:universal_forwarder:9.1.0
-
cpe:2.3:h:fujitsu:m10-1:-
-
cpe:2.3:h:fujitsu:m10-4:-
-
cpe:2.3:h:fujitsu:m10-4s:-
-
cpe:2.3:h:fujitsu:m12-1:-
-
cpe:2.3:h:fujitsu:m12-2:-
-
cpe:2.3:h:fujitsu:m12-2s:-
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:fujitsu:m10-1_firmware:-
-
cpe:2.3:o:fujitsu:m10-1_firmware:xcp
-
cpe:2.3:o:fujitsu:m10-1_firmware:xcp2280
-
cpe:2.3:o:fujitsu:m10-1_firmware:xcp2361
-
cpe:2.3:o:fujitsu:m10-1_firmware:xcp2400
-
cpe:2.3:o:fujitsu:m10-1_firmware:xcp2410
-
cpe:2.3:o:fujitsu:m10-1_firmware:xcp3070
-
cpe:2.3:o:fujitsu:m10-1_firmware:xcp3100
-
cpe:2.3:o:fujitsu:m10-4_firmware:-
-
cpe:2.3:o:fujitsu:m10-4_firmware:xcp
-
cpe:2.3:o:fujitsu:m10-4_firmware:xcp2280
-
cpe:2.3:o:fujitsu:m10-4_firmware:xcp2361
-
cpe:2.3:o:fujitsu:m10-4_firmware:xcp2400
-
cpe:2.3:o:fujitsu:m10-4_firmware:xcp2410
-
cpe:2.3:o:fujitsu:m10-4_firmware:xcp3070
-
cpe:2.3:o:fujitsu:m10-4_firmware:xcp3100
-
cpe:2.3:o:fujitsu:m10-4s_firmware:-
-
cpe:2.3:o:fujitsu:m10-4s_firmware:xcp
-
cpe:2.3:o:fujitsu:m10-4s_firmware:xcp2280
-
cpe:2.3:o:fujitsu:m10-4s_firmware:xcp2361
-
cpe:2.3:o:fujitsu:m10-4s_firmware:xcp2400
-
cpe:2.3:o:fujitsu:m10-4s_firmware:xcp2410
-
cpe:2.3:o:fujitsu:m10-4s_firmware:xcp3070
-
cpe:2.3:o:fujitsu:m10-4s_firmware:xcp3100
-
cpe:2.3:o:fujitsu:m12-1_firmware:-
-
cpe:2.3:o:fujitsu:m12-1_firmware:xcp2361
-
cpe:2.3:o:fujitsu:m12-1_firmware:xcp2400
-
cpe:2.3:o:fujitsu:m12-1_firmware:xcp2410
-
cpe:2.3:o:fujitsu:m12-1_firmware:xcp3070
-
cpe:2.3:o:fujitsu:m12-1_firmware:xcp3090
-
cpe:2.3:o:fujitsu:m12-1_firmware:xcp3100
-
cpe:2.3:o:fujitsu:m12-2_firmware:-
-
cpe:2.3:o:fujitsu:m12-2_firmware:xcp2361
-
cpe:2.3:o:fujitsu:m12-2_firmware:xcp2400
-
cpe:2.3:o:fujitsu:m12-2_firmware:xcp2410
-
cpe:2.3:o:fujitsu:m12-2_firmware:xcp3070
-
cpe:2.3:o:fujitsu:m12-2_firmware:xcp3090
-
cpe:2.3:o:fujitsu:m12-2_firmware:xcp3100
-
cpe:2.3:o:fujitsu:m12-2s_firmware:-
-
cpe:2.3:o:fujitsu:m12-2s_firmware:xcp2361
-
cpe:2.3:o:fujitsu:m12-2s_firmware:xcp2400
-
cpe:2.3:o:fujitsu:m12-2s_firmware:xcp2410
-
cpe:2.3:o:fujitsu:m12-2s_firmware:xcp3070
-
cpe:2.3:o:fujitsu:m12-2s_firmware:xcp3090
-
cpe:2.3:o:fujitsu:m12-2s_firmware:xcp3100