Home > Vulnerability Database > CVE-2020-8284

Mend.io Vulnerability Database

CVE-2020-8284

Good to know:

Date: December 14, 2020

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

Language: C

Severity Score

3.7

Related Resources (25)

Url: https://www.oracle.com/security-alerts/cpuApr2021.html

Url: https://support.apple.com/kb/HT212325

Url: https://github.com/curl/curl/commit/ec9cc725d598ac

Url: https://www.debian.org/security/2021/dsa-4881

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8284

Url: https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html

Url: https://security-tracker.debian.org/tracker/CVE-2020-8284

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/

Url: https://security.gentoo.org/glsa/202012-14

Url: https://support.apple.com/kb/HT212327

Url: https://support.apple.com/kb/HT212326

Url: https://access.redhat.com/security/cve/CVE-2020-8284

Url: https://www.oracle.com/security-alerts/cpujan2022.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-8284

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/

Url: https://hackerone.com/reports/1040166

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/

Url: https://curl.se/docs/CVE-2020-8284.html

Url: https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Url: https://www.oracle.com//security-alerts/cpujul2021.html

Url: https://www.oracle.com/security-alerts/cpuapr2022.html

Url: https://security.netapp.com/advisory/ntap-20210122-0007/

Url: https://security.alpinelinux.org/vuln/CVE-2020-8284

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/

Url: https://www.mend.io/vulnerability-database/CVE-2020-8284

Severity Score

3.7

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version 7.74.0

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-8284

Good to know:

Date: December 14, 2020

Language: C

Severity Score

Related Resources (25)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?