CVE-2020-8177
published 2020-12-14CVE-2020-8177: curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J…
PriorityP338high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
1.24%
65.2th percentile
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | curl | < curl 7.72.0-1 (bookworm) | curl 7.72.0-1 (bookworm) |
| debian | debian_linux | — | — |
| fujitsu | m10-1_firmware | < xcp2410 | xcp2410 |
| fujitsu | m10-1_firmware | < xcp3110 | xcp3110 |
| fujitsu | m10-4_firmware | < xcp2410 | xcp2410 |
| fujitsu | m10-4_firmware | < xcp3110 | xcp3110 |
| fujitsu | m10-4s_firmware | < xcp2410 | xcp2410 |
| fujitsu | m10-4s_firmware | < xcp3110 | xcp3110 |
| fujitsu | m12-1_firmware | < xcp2410 | xcp2410 |
| fujitsu | m12-1_firmware | < xcp3110 | xcp3110 |
| fujitsu | m12-2_firmware | < xcp2410 | xcp2410 |
| fujitsu | m12-2_firmware | < xcp3110 | xcp3110 |
| fujitsu | m12-2s_firmware | < xcp2410 | xcp2410 |
| fujitsu | m12-2s_firmware | < xcp3110 | xcp3110 |
| haxx | curl | >= 0 < 7.72.0-1 | 7.72.0-1 |
| haxx | curl | >= 0 < 7.72.0-1 | 7.72.0-1 |
| haxx | curl | >= 0 < 7.72.0-1 | 7.72.0-1 |
| haxx | curl | >= 0 < 7.72.0-1 | 7.72.0-1 |
| haxx | curl | >= 0 < 7.47.0-1ubuntu2.15 | 7.47.0-1ubuntu2.15 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.9 | 7.58.0-2ubuntu3.9 |
| haxx | curl | >= 0 < 7.68.0-1ubuntu2.1 | 7.68.0-1ubuntu2.1 |
| haxx | curl | >= 0 < 7.35.0-1ubuntu2.20+esm4 | 7.35.0-1ubuntu2.20+esm4 |
| haxx | curl | 7.20.0 – 7.70.0 | — |
| https | github.com_curl_curl | — | — |
| msrc | cm1_curl_7.68.0-5_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv7.8HIGH
vendor_debian7.8HIGH
vendor_msrc7.8HIGH
vendor_redhat7.8HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
cisa_ics·2023-12-14
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
ICS Advisory
##
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Release DateDecember 14, 2023
Alert CodeICSA-23-348-10
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
- Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss
CISA ICS
Siemens SINEC INS
cisa_ics·2022-03-10·CVSS 5.9
[MEDIUM] Siemens SINEC INS
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SINEC INS
Last RevisedMarch 10, 2022
Alert CodeICSA-22-069-09
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SINEC INS
- Vulnerability: Using Components with Known Vulnerabilities
## 2. RISK EVALUATION
Successful exploitation of this vulnerability in third-party components could allow an attacker to interfere with the affected product in various ways.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Siemens reports this vulnerability affects the following SINEC INS (Infrastructure Netw
Microsoft
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
vendor_msrc·2020-12-08·CVSS 7.8
CVE-2020-8177 [HIGH] CWE-74 curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Marin
Ubuntu
curl vulnerabilities
vendor_ubuntu·2020-06-24·CVSS 7.5
CVE-2020-8177 [HIGH] curl vulnerabilities
Title: curl vulnerabilities
Summary: Several security issues were fixed in curl.
Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered
that curl incorrectly handled certain credentials. An attacker
could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS.
(CVE-2020-8169)
It was discovered that curl incorrectly handled certain parameters.
An attacker could possibly use this issue to overwrite a local file.
(CVE-2020-8177)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
curl: Incorrect argument check can allow remote servers to overwrite local files
vendor_redhat·2020-06-24·CVSS 7.8
CVE-2020-8177 [HIGH] curl: Incorrect argument check can allow remote servers to overwrite local files
curl: Incorrect argument check can allow remote servers to overwrite local files
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
A flaw was found in curl. Overwriting local files is possible when using a certain combination of command line options. Requesting content from a malicious server could lead to overwriting local files with compromised files leading to unknown effects. The highest threat from this vulnerability is to file integrity.
Statement: This issue only affects the 'curl' command line utility. Additionally, this is only an issue when using the '-J' (with the '-O' option) and '-i' command line options combined.
In most cases, there is nothing to gain
Debian
CVE-2020-8177: curl - curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for fi...
vendor_debian·2020·CVSS 7.8
CVE-2020-8177 [HIGH] CVE-2020-8177: curl - curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for fi...
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
Scope: local
bookworm: resolved (fixed in 7.72.0-1)
bullseye: resolved (fixed in 7.72.0-1)
forky: resolved (fixed in 7.72.0-1)
sid: resolved (fixed in 7.72.0-1)
trixie: resolved (fixed in 7.72.0-1)
VulDB
curl up to 7.70.0 File Name injection (Nessus ID 236591)
vuldb·2026-04-16·CVSS 7.8
CVE-2020-8177 [HIGH] curl up to 7.70.0 File Name injection (Nessus ID 236591)
A vulnerability was found in curl up to 7.70.0. It has been classified as problematic. This vulnerability affects unknown code of the component File Name Handler. This manipulation causes injection.
This vulnerability appears as CVE-2020-8177. The attack requires local access. There is no available exploit.
GHSA
GHSA-wqc8-jpfx-w9g4: curl 7
ghsa_unreviewed·2022-05-24
CVE-2020-8177 [HIGH] CWE-74 GHSA-wqc8-jpfx-w9g4: curl 7
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
OSV
CVE-2020-8177: curl 7
osv·2020-12-14·CVSS 7.8
CVE-2020-8177 [HIGH] CVE-2020-8177: curl 7
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
OSV
curl vulnerabilities
osv·2020-06-24·CVSS 7.5
CVE-2020-8169 [HIGH] curl vulnerabilities
curl vulnerabilities
Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered
that curl incorrectly handled certain credentials. An attacker
could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS.
(CVE-2020-8169)
It was discovered that curl incorrectly handled certain parameters.
An attacker could possibly use this issue to overwrite a local file.
(CVE-2020-8177)
No detection rules found.
No public exploits indexed.
HackerOne
CVE-2020-8177: curl overwrite local file with -J
hackerone·2020-12-05·CVSS 7.8
CVE-2020-8177 [HIGH] CVE-2020-8177: curl overwrite local file with -J
CVE-2020-8177: curl overwrite local file with -J
## Summary:
curl supports the `Content-disposition` header, including the `filename=` option. By design, curl does not allow server-provided local file override by verifying that the `filename=` argument does not exist before opening it.
However, the implementation contains 2 minor logical bugs that allow a server to override an arbitrary local file (without path traversal) when running curl with specific command line args (-OJi)
This bug can trigger a logical RCE when curl is used from the user's home dir (or other specific directories), by overriding specific files (e.g. ".bashrc"), while keeping the user completely uninformed of the side effects.
The 2 bugs are:
1. `curl -iJ` is not supported however `curl -Ji` is available -
2. The sta
HackerOne
curl overwrites local file with -J option if file non-readable, but file writable.
hackerone·2020-08-01·CVSS 7.8
[HIGH] curl overwrites local file with -J option if file non-readable, but file writable.
curl overwrites local file with -J option if file non-readable, but file writable.
## Summary:
When using -J -O options on curl command line tool and a server responding with a header that is using Content-Disposition to provide a filename, existing local file will be overwritten if the file is non-readable by the current user, but file is writable by the current user.
Curl contains protection to prevent the overwrite, but protection code is using the file's readability permission to check for its existence. So protection will be bypassed in this case, as it is only writable by the user.
Issue was discovered after review of CVE-2020-8177 description. I was curious how the Content-Disposition feature and prevention of file overwrite worked. While reviewing the code around that feature n
Bugzilla
CVE-2020-8177 curl: command line arguments lead to local file overwrite [fedora-all]
bugzilla·2020-06-26·CVSS 7.8
CVE-2020-8177 [HIGH] CVE-2020-8177 curl: command line arguments lead to local file overwrite [fedora-all]
CVE-2020-8177 curl: command line arguments lead to local file overwrite [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported v
Bugzilla
CVE-2020-8177 flickcurl: curl: command line arguments lead to local file overwrite [fedora-all]
bugzilla·2020-06-26·CVSS 7.8
CVE-2020-8177 [HIGH] CVE-2020-8177 flickcurl: curl: command line arguments lead to local file overwrite [fedora-all]
CVE-2020-8177 flickcurl: curl: command line arguments lead to local file overwrite [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple
Bugzilla
CVE-2020-8177 mingw-curl: curl: command line arguments lead to local file overwrite [fedora-all]
bugzilla·2020-06-26·CVSS 7.8
CVE-2020-8177 [HIGH] CVE-2020-8177 mingw-curl: curl: command line arguments lead to local file overwrite [fedora-all]
CVE-2020-8177 mingw-curl: curl: command line arguments lead to local file overwrite [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple
Bugzilla
CVE-2020-8177 flickcurl: curl: command line arguments lead to local file overwrite [epel-7]
bugzilla·2020-06-26·CVSS 7.8
CVE-2020-8177 [HIGH] CVE-2020-8177 flickcurl: curl: command line arguments lead to local file overwrite [epel-7]
CVE-2020-8177 flickcurl: curl: command line arguments lead to local file overwrite [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template to
Bugzilla
CVE-2020-8177 curl: Incorrect argument check can allow remote servers to overwrite local files
bugzilla·2020-06-17·CVSS 7.8
CVE-2020-8177 [HIGH] CVE-2020-8177 curl: Incorrect argument check can allow remote servers to overwrite local files
CVE-2020-8177 curl: Incorrect argument check can allow remote servers to overwrite local files
curl can be tricked my a malicious server to overwrite a local file when using
`-J` (`--remote-header-name`) and `-i` (`--head`) in the same command line.
Discussion:
External References:
https://curl.haxx.se/docs/CVE-2020-8177.html
---
Created curl tracking bugs for this issue:
Affects: fedora-all [bug 1851426]
Created flickcurl tracking bugs for this issue:
Affects: epel-7 [bug 1851429]
Affects: fedora-all [bug 1851428]
Created mingw-curl tracking bugs for this issue:
Affects: fedora-all [bug 1851427]
---
Created attachment 1702219
vendor patch slightly edited for 7.29.0-57
would like this fixed asap for rhel7. here is proposed patch
---
Yes, please fix ASAP on RHEL7. Importan
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfhttps://curl.se/docs/CVE-2020-8177.htmlhttps://hackerone.com/reports/887462https://www.debian.org/security/2021/dsa-4881https://www.oracle.com/security-alerts/cpujan2022.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfhttps://curl.se/docs/CVE-2020-8177.htmlhttps://hackerone.com/reports/887462https://www.debian.org/security/2021/dsa-4881https://www.oracle.com/security-alerts/cpujan2022.html
2020-12-14
Published