{"containers": {"cna": {"affected": [{"product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [{"status": "affected", "version": "libcurl 7.21.0 to and including 7.73.0"}]}], "descriptions": [{"lang": "en", "value": "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-674", "description": "Uncontrolled Recursion (CWE-674)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-19T23:23:28.000Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1045844"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/curl/curl/issues/6255"}, {"tags": ["x_refsource_MISC"], "url": "https://curl.se/docs/CVE-2020-8285.html"}, {"name": "FEDORA-2020-ceaf490686", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"}, {"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"}, {"name": "FEDORA-2020-7ab62c73bc", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"}, {"name": "GLSA-202012-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202012-14"}, {"name": "DSA-4881", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4881"}, {"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Apr/51"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210122-0007/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212325"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212326"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212327"}, {"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"}, {"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8285", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "https://github.com/curl/curl", "version": {"version_data": [{"version_value": "libcurl 7.21.0 to and including 7.73.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Uncontrolled Recursion (CWE-674)"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/1045844", "refsource": "MISC", "url": "https://hackerone.com/reports/1045844"}, {"name": "https://github.com/curl/curl/issues/6255", "refsource": "MISC", "url": "https://github.com/curl/curl/issues/6255"}, {"name": "https://curl.se/docs/CVE-2020-8285.html", "refsource": "MISC", "url": "https://curl.se/docs/CVE-2020-8285.html"}, {"name": "FEDORA-2020-ceaf490686", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"}, {"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"}, {"name": "FEDORA-2020-7ab62c73bc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"}, {"name": "GLSA-202012-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202012-14"}, {"name": "DSA-4881", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4881"}, {"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Apr/51"}, {"name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"name": "https://security.netapp.com/advisory/ntap-20210122-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210122-0007/"}, {"name": "https://support.apple.com/kb/HT212325", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212325"}, {"name": "https://support.apple.com/kb/HT212326", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212326"}, {"name": "https://support.apple.com/kb/HT212327", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212327"}, {"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"}, {"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"}, {"name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:56:28.307Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/1045844"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/curl/curl/issues/6255"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://curl.se/docs/CVE-2020-8285.html"}, {"name": "FEDORA-2020-ceaf490686", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"}, {"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"}, {"name": "FEDORA-2020-7ab62c73bc", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"}, {"name": "GLSA-202012-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202012-14"}, {"name": "DSA-4881", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4881"}, {"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Apr/51"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210122-0007/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT212325"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT212326"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT212327"}, {"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"}, {"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T14:06:58.616126Z", "id": "CVE-2020-8285", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T14:07:21.315Z"}}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8285", "datePublished": "2020-12-14T19:39:04.000Z", "dateReserved": "2020-01-28T00:00:00.000Z", "dateUpdated": "2026-04-16T14:07:21.315Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://hackerone.com/reports/1045844", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/curl/curl/issues/6255", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://curl.se/docs/CVE-2020-8285.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", "name": "FEDORA-2020-ceaf490686", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", "name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", "name": "FEDORA-2020-7ab62c73bc", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202012-14", "name": "GLSA-202012-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}, {"url": "https://www.debian.org/security/2021/dsa-4881", "name": "DSA-4881", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2021/Apr/51", "name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20210122-0007/", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://support.apple.com/kb/HT212325", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://support.apple.com/kb/HT212326", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://support.apple.com/kb/HT212327", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:56:28.307Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2020-8285", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T14:06:58.616126Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T14:06:15.342Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "https://github.com/curl/curl", "versions": [{"status": "affected", "version": "libcurl 7.21.0 to and including 7.73.0"}]}], "references": [{"url": "https://hackerone.com/reports/1045844", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/curl/curl/issues/6255", "tags": ["x_refsource_MISC"]}, {"url": "https://curl.se/docs/CVE-2020-8285.html", "tags": ["x_refsource_MISC"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", "name": "FEDORA-2020-ceaf490686", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", "name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", "name": "FEDORA-2020-7ab62c73bc", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "https://security.gentoo.org/glsa/202012-14", "name": "GLSA-202012-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}, {"url": "https://www.debian.org/security/2021/dsa-4881", "name": "DSA-4881", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "http://seclists.org/fulldisclosure/2021/Apr/51", "name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "tags": ["x_refsource_MISC"]}, {"url": "https://security.netapp.com/advisory/ntap-20210122-0007/", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://support.apple.com/kb/HT212325", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://support.apple.com/kb/HT212326", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://support.apple.com/kb/HT212327", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["x_refsource_MISC"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["x_refsource_MISC"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["x_refsource_MISC"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-674", "description": "Uncontrolled Recursion (CWE-674)"}]}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2022-04-19T23:23:28.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "libcurl 7.21.0 to and including 7.73.0"}]}, "product_name": "https://github.com/curl/curl"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://hackerone.com/reports/1045844", "name": "https://hackerone.com/reports/1045844", "refsource": "MISC"}, {"url": "https://github.com/curl/curl/issues/6255", "name": "https://github.com/curl/curl/issues/6255", "refsource": "MISC"}, {"url": "https://curl.se/docs/CVE-2020-8285.html", "name": "https://curl.se/docs/CVE-2020-8285.html", "refsource": "MISC"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", "name": "FEDORA-2020-ceaf490686", "refsource": "FEDORA"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", "name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", "refsource": "MLIST"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", "name": "FEDORA-2020-7ab62c73bc", "refsource": "FEDORA"}, {"url": "https://security.gentoo.org/glsa/202012-14", "name": "GLSA-202012-14", "refsource": "GENTOO"}, {"url": "https://www.debian.org/security/2021/dsa-4881", "name": "DSA-4881", "refsource": "DEBIAN"}, {"url": "http://seclists.org/fulldisclosure/2021/Apr/51", "name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", "refsource": "FULLDISC"}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC"}, {"url": "https://security.netapp.com/advisory/ntap-20210122-0007/", "name": "https://security.netapp.com/advisory/ntap-20210122-0007/", "refsource": "CONFIRM"}, {"url": "https://support.apple.com/kb/HT212325", "name": "https://support.apple.com/kb/HT212325", "refsource": "CONFIRM"}, {"url": "https://support.apple.com/kb/HT212326", "name": "https://support.apple.com/kb/HT212326", "refsource": "CONFIRM"}, {"url": "https://support.apple.com/kb/HT212327", "name": "https://support.apple.com/kb/HT212327", "refsource": "CONFIRM"}, {"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC"}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Uncontrolled Recursion (CWE-674)"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-8285", "STATE": "PUBLIC", "ASSIGNER": "support@hackerone.com"}}}}, "cveMetadata": {"cveId": "CVE-2020-8285", "state": "PUBLISHED", "dateUpdated": "2026-04-16T14:07:21.315Z", "dateReserved": "2020-01-28T00:00:00.000Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2020-12-14T19:39:04.000Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*", "matchCriteriaId": "61666FBE-C3B7-4449-89C3-07288182D638", "versionEndExcluding": "7.74.0", "versionStartIncluding": "7.21.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BC4299D-05D3-4875-BC79-C3DC02C88ECE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0E97851-4DFF-4852-A339-183331F4ACBC", "versionEndExcluding": "10.14.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB8A73F8-3074-4B32-B9F6-343B6B1988C5", "versionEndExcluding": "10.15.7", "versionStartIncluding": "10.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", "matchCriteriaId": "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", "matchCriteriaId": "CFE26ECC-A2C2-4501-9950-510DE0E1BD86", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", "matchCriteriaId": "26108BEF-0847-4AB0-BD98-35344DFA7835", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "0FD3467D-7679-479F-9C0B-A93F7CD0929D", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", "matchCriteriaId": "D4C6098E-EDBD-4A85-8282-B2E9D9333872", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", "matchCriteriaId": "518BB47B-DD76-4E8C-9F10-7EBC1E146191", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*", "matchCriteriaId": "63940A55-D851-46EB-9668-D82BEFC1FE95", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*", "matchCriteriaId": "68C7A97A-3801-44FA-96CA-10298FA39883", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*", "matchCriteriaId": "6D69914D-46C7-4A0E-A075-C863C1692D33", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*", "matchCriteriaId": "9CDB4476-B521-43E4-A129-8718A8E0A8CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*", "matchCriteriaId": "9D072B77-BE3F-4A2E-B66A-E2C8DC3781E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "matchCriteriaId": "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*", "matchCriteriaId": "C1C795B9-E58D-467C-83A8-2D45C792292F", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E699CCC-31F5-458E-A59C-79B3AF143747", "versionEndExcluding": "11.3", "versionStartIncluding": "11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*", "matchCriteriaId": "394A16F2-CCD4-44E5-BF6B-E0C782A9FA38", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E63B7B2-409A-476E-BA12-2A2D2F3B85DE", "versionEndExcluding": "xcp2410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADB5D4C9-DA14-4188-9181-17336F9445F6", "versionEndExcluding": "xcp2410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B65E2F3-57EC-46C0-BB4A-0A0F3F8D387E", "versionEndExcluding": "xcp2410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "90B7CFBF-761C-4EAA-A322-EF5E294AADED", "versionEndExcluding": "xcp2410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "48B28ABF-7E1A-4A1E-8F78-0D95D7BDF886", "versionEndExcluding": "xcp2410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E74AAF52-1388-4BD9-B17B-3A6A32CA3608", "versionEndExcluding": "xcp2410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A107698C-9C63-44A9-8A2B-81EDD5702B4C", "versionEndExcluding": "xcp3110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FC0460E-4695-44FB-99EE-28B2C957B760", "versionEndExcluding": "xcp3110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD54A092-85A7-4459-9C69-19E6E24AC24B", "versionEndExcluding": "xcp3110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F813DBC-BA1E-4C73-AA11-1BD3F9508372", "versionEndExcluding": "xcp3110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFDF4F39-1C6C-4AD3-99CF-BD5B44B8C71B", "versionEndExcluding": "xcp3110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "416B805F-799A-4466-AC5A-93D083A2ABBD", "versionEndExcluding": "xcp3110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253", "versionEndExcluding": "1.0.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D", "versionEndExcluding": "8.2.12", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing."}, {"lang": "es", "value": "curl versiones 7.21.0 hasta 7.73.0 e incluy\u00e9ndola, es vulnerable a una recursividad no controlada debido a un problema de desbordamiento de la pila en el an\u00e1lisis de coincidencias del comod\u00edn FTP"}], "id": "CVE-2020-8285", "lastModified": "2026-04-16T15:16:43.167", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2020-12-14T20:15:13.983", "references": [{"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Apr/51"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}, {"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://curl.se/docs/CVE-2020-8285.html"}, {"source": "support@hackerone.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/curl/curl/issues/6255"}, {"source": "support@hackerone.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/1045844"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202012-14"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210122-0007/"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212325"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212326"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212327"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4881"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Apr/51"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://curl.se/docs/CVE-2020-8285.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/curl/curl/issues/6255"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/1045844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202012-14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210122-0007/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212325"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212326"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212327"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4881"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-674"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Varnavas Papaioannou for reporting this issue.", "affected_release": [{"advisory": "RHSA-2021:2471", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "curl", "product_name": "JBoss Core Services Apache HTTP Server 2.4.37 SP8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-0:1-18.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-apr-0:1.6.3-105.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-apr-util-0:1.6.1-82.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-brotli-0:1.0.6-40.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-curl-0:7.77.0-2.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-httpd-0:2.4.37-74.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-jansson-0:2.11-55.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.16-5.Final_redhat_2.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_http2-0:1.15.7-17.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_jk-0:1.2.48-16.redhat_1.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_md-1:2.0.8-36.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_security-0:2.9.2-63.GA.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-nghttp2-0:1.39.2-37.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-openssl-1:1.1.1g-6.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-openssl-chil-0:1.0.0-5.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-0:1-18.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-0:1.6.3-105.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-util-0:1.6.1-82.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-curl-0:7.77.0-2.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.37-74.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-jansson-0:2.11-55.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.16-5.Final_redhat_2.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_http2-0:1.15.7-17.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_jk-0:1.2.48-16.redhat_1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_md-1:2.0.8-36.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_security-0:2.9.2-63.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:1610", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "curl-0:7.61.1-18.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}], "bugzilla": {"description": "curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used", "id": "1902687", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902687"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-674->CWE-121", "details": ["curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.", "Libcurl offers a wildcard matching functionality, which allows a callback (set with `CURLOPT_CHUNK_BGN_FUNCTION`) to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. When this callback returns `CURL_CHUNK_BGN_FUNC_SKIP`, to tell libcurl to not deal with that file, the internal function in libcurl then calls itself recursively to handle the next directory entry. If there's a sufficient amount of file entries and if the callback returns \"skip\" enough number of times, libcurl runs out of stack space. The exact amount will of course vary with platforms, compilers and other environmental factors."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-8285", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:2.1", "fix_state": "Not affected", "package_name": "rh-dotnet21-curl", "product_name": ".NET Core 2.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:3.1", "fix_state": "Not affected", "package_name": "rh-dotnet31-curl", "product_name": ".NET Core 3.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Out of support scope", "package_name": "curl", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "httpd24-curl", "product_name": "Red Hat Software Collections"}], "public_date": "2020-12-09T08:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-8285\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8285\nhttps://curl.se/docs/CVE-2020-8285.html\nhttps://github.com/curl/curl/issues/6255"], "threat_severity": "Moderate"}