CVE-2020-8231
published 2020-12-14
CVE-2020-8231: Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
Priority P341 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 3.72% (88.4th percentile)
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | curl | < curl 7.72.0-1 (bookworm) | curl 7.72.0-1 (bookworm) |
| debian | debian_linux | — | — |
| haxx | curl | >= 0 < 7.72.0-1 | 7.72.0-1 |
| haxx | curl | >= 0 < 7.72.0-1 | 7.72.0-1 |
| haxx | curl | >= 0 < 7.72.0-1 | 7.72.0-1 |
| haxx | curl | >= 0 < 7.72.0-1 | 7.72.0-1 |
| haxx | curl | >= 0 < 7.47.0-1ubuntu2.18 | 7.47.0-1ubuntu2.18 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.12 | 7.58.0-2ubuntu3.12 |
| haxx | curl | >= 0 < 7.68.0-1ubuntu2.4 | 7.68.0-1ubuntu2.4 |
| haxx | libcurl | 7.29.0 – 7.71.1 | — |
| https | github.com_curl_curl | — | — |
| msrc | cm1_curl_7.68.0-5_on_cbl_mariner_1.0 | — | — |
| oracle | communications_cloud_native_core_policy | — | — |
| siemens | sinec_infrastructure_network_services | < 1.0.1.1 | 1.0.1.1 |
| splunk | universal_forwarder | — | — |
| splunk | universal_forwarder | >= 8.2.0 < 8.2.12 | 8.2.12 |
| splunk | universal_forwarder | >= 9.0.0 < 9.0.6 | 9.0.6 |
CVSS provenance
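| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_msrc | | 7.5 | HIGH | |
| vendor_oracle | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |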
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
cisa_ics·2023-12-14
ICS Advisory
Release Date: December 14, 2023
Alert Code: ICSA-23-348-10
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
- Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss
Oracle
Oracle Oracle Communications Risk Matrix: Policy (libcurl) — CVE-2020-8231
vendor_oracle·2022-04-15·CVSS 7.5
CVE-2020-8231 [HIGH] Oracle Oracle Communications Risk Matrix: Policy (libcurl) — CVE-2020-8231
Oracle Oracle Communications Risk Matrix: Policy (libcurl) vulnerability
CVE: CVE-2020-8231
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2022 (APR 2022)
CISA ICS
Siemens SINEC INS
cisa_ics·2022-03-10·CVSS 5.9
[MEDIUM] Siemens SINEC INS
ICS Advisory
Last Revised: March 10, 2022
Alert Code: ICSA-22-069-09
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SINEC INS
- Vulnerability: Using Components with Known Vulnerabilities
## 2. RISK EVALUATION
Successful exploitation of this vulnerability in third-party components could allow an attacker to interfere with the affected product in various ways.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Siemens reports this vulnerability affects the following SINEC INS (Infrastructure Netw
Ubuntu
curl vulnerabilities
vendor_ubuntu·2020-12-09·CVSS 7.5
CVE-2020-8286 [HIGH] curl vulnerabilities
Title: curl vulnerabilities
Summary: Several security issues were fixed in curl.
Marc Aldorasi discovered that curl incorrectly handled the libcurl
CURLOPT_CONNECT_ONLY option. This could result in data being sent to the
wrong destination, possibly exposing sensitive information. This issue only
affected Ubuntu 20.10. (CVE-2020-8231)
Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV
responses. An attacker could possibly use this issue to trick curl into
connecting to an arbitrary IP address and be used to perform port scanner
and other information gathering. (CVE-2020-8284)
It was discovered that curl incorrectly handled FTP wildcard matching. A
remote attacker could possibly use this issue to cause curl to consume
resources and crash, resulting in a denial of serv
Microsoft
Due to use of a dangling pointer libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
vendor_msrc·2020-12-08·CVSS 7.5
CVE-2020-8231 [HIGH] CWE-416 Due to use of a dangling pointer libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
hackerone: hackerone
Customer Action Required: Y
Ubuntu
curl vulnerability
vendor_ubuntu·2020-08-20
CVE-2020-8231 curl vulnerability
Title: curl vulnerability
Summary: curl could be made to expose sensitive information over the network.
USN-4466-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Marc Aldorasi discovered that curl incorrectly handled the libcurl
CURLOPT_CONNECT_ONLY option. This could result in data being sent to the
wrong destination, possibly exposing sensitive information.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
curl vulnerability
vendor_ubuntu·2020-08-19
CVE-2020-8231 curl vulnerability
Title: curl vulnerability
Summary: curl could be made to expose sensitive information over the network.
Marc Aldorasi discovered that curl incorrectly handled the libcurl
CURLOPT_CONNECT_ONLY option. This could result in data being sent to the
wrong destination, possibly exposing sensitive information.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set
vendor_redhat·2020-08-19·CVSS 7.5
CVE-2020-8231 [HIGH] CWE-822 curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the `CURLOPT_CONNECT_ONLY` option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to data confidentiality.
Package: rh-dotnet21-curl (.NET Core 2.1 on Red Hat Enterprise Linux) - Not affected
Package: rh-dotnet31-curl (.NET Core 3.1 on Red Hat Enterprise Linux) - Not affected
Package: curl (Red Hat Ceph Storage 2) - Out of support scope
Package: curl (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2020-8231: curl - Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wron...
vendor_debian·2020·CVSS 7.5
CVE-2020-8231 [HIGH] CVE-2020-8231: curl - Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wron...
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
Scope: local
bookworm: resolved (fixed in 7.72.0-1)
bullseye: resolved (fixed in 7.72.0-1)
forky: resolved (fixed in 7.72.0-1)
sid: resolved (fixed in 7.72.0-1)
trixie: resolved (fixed in 7.72.0-1)
GHSA
GHSA-xp52-49j5-h754: Due to use of a dangling pointer, libcurl 7
ghsa_unreviewed·2022-05-24
CVE-2020-8231 [HIGH] CWE-416 GHSA-xp52-49j5-h754: Due to use of a dangling pointer, libcurl 7
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
OSV
CVE-2020-8231: Due to use of a dangling pointer, libcurl 7
osv·2020-12-14·CVSS 7.5
CVE-2020-8231 [HIGH] CVE-2020-8231: Due to use of a dangling pointer, libcurl 7
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
OSV
curl vulnerabilities
osv·2020-12-09·CVSS 7.5
CVE-2020-8231 [HIGH] curl vulnerabilities
Marc Aldorasi discovered that curl incorrectly handled the libcurl
CURLOPT_CONNECT_ONLY option. This could result in data being sent to the
wrong destination, possibly exposing sensitive information. This issue only
affected Ubuntu 20.10. (CVE-2020-8231)
Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV
responses. An attacker could possibly use this issue to trick curl into
connecting to an arbitrary IP address and be used to perform port scanner
and other information gathering. (CVE-2020-8284)
It was discovered that curl incorrectly handled FTP wildcard matching. A
remote attacker could possibly use this issue to cause curl to consume
resources and crash, resulting in a denial of service. (CVE-2020-8285)
It was discovered that curl incorrectly
No detection rules found.
No public exploits indexed.
HackerOne
CVE-2020-8231: Connect-only connections can use the wrong connection
hackerone·2020-11-05·CVSS 7.5
CVE-2020-8231 [HIGH] CVE-2020-8231: Connect-only connections can use the wrong connection
## Summary:
If a connect-only easy handle is not read from or written to, its connection can time out and be closed. If a new connection is created it can be allocated at the same address, causing the easy handle to use the new connection. This new connection may not be connected to the same server as the old connection, which can allow sensitive information intended to go to the first server to instead go to the second server.
This sequence of events would be uncommon in ordinary usage, so I have attached a sample program that implements a simple caching allocator, which causes the address to be re-used deterministically.
According to git bisect, this behavior was introduced in commit 755083d.
## Steps To Reproduce:
Bugzilla
CVE-2020-8231 curl: Expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set [fedora-all]
bugzilla·2020-08-19·CVSS 7.5
CVE-2020-8231 [HIGH] CVE-2020-8231 curl: Expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue
Bugzilla
CVE-2020-8231 mingw-curl: curl: Expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set [fedora-all]
bugzilla·2020-08-19·CVSS 7.5
CVE-2020-8231 [HIGH] CVE-2020-8231 mingw-curl: curl: Expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE
Bugzilla
CVE-2020-8231 curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set
bugzilla·2020-08-11·CVSS 7.5
CVE-2020-8231 [HIGH] CVE-2020-8231 curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set
A flaw was found in libcurl from versions 7.29.0 to and including 7.71.1. An application that performs multiple requests with libcurl's multi API and sets the `CURLOPT_CONNECT_ONLY` option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection.
Introducing commit:
https://github.com/curl/curl/commit/c43127414d
Upstream patch:
https://curl.haxx.se/2020-8231.patch
References:
https://curl.haxx.se/docs/CVE-2020-8231.html
Discussion:
Acknowledgments:
Name: the Curl project
Upstream: Marc Aldorasi
---
Created curl tracking bugs for this issue:
Affects: fedora-all [bug 1870092]
Created mingw
arXiv
Threat Assessment in Machine Learning based Systems
arxiv_fulltext·2022-06-30
Lionel Nganyewou Tidjon and Foutse Khomh, Senior Member, IEEE
The authors are with Polytechnique Montréal, Montréal, QC H3C 3A7, Canada.
E-mail: {lionel.tidjon, foutse.khomh}@polymtl.ca
## Abstract
Machine learning is a field of artificial intelligence (AI) that is becoming essential for several critical systems, making it a good target for threat actors. Threat actors exploit different Tactics, Techniques, and Procedures (TTPs) against the confidentiality, integrity, and availability of Machine Learning (ML) systems.
During the ML cycle, they exploit adversarial TTPs to poison data and fool ML-based systems. In recent years, multiple security practices have been proposed for traditional systems but they are not enough to cope with th
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.haxx.se/docs/CVE-2020-8231.html
https://hackerone.com/reports/948876
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://security.gentoo.org/glsa/202012-14
https://www.debian.org/security/2021/dsa-4881
https://www.oracle.com/security-alerts/cpuapr2022.html