CVE-2020-8285
published 2020-12-14CVE-2020-8285: curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
Affected
43 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | < 10.14.6 | 10.14.6 |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | >= 10.15 < 10.15.7 | 10.15.7 |
| apple | macos | >= 11.0 < 11.3 | 11.3 |
| apple | macos_big_sur | — | — |
| apple | security_update_2021-002_catalina | — | — |
| debian | curl | < curl 7.74.0-1 (bookworm) | curl 7.74.0-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fujitsu | m10-1_firmware | < xcp2410 | xcp2410 |
| fujitsu | m10-1_firmware | < xcp3110 | xcp3110 |
| fujitsu | m10-4_firmware | < xcp2410 | xcp2410 |
| fujitsu | m10-4_firmware | < xcp3110 | xcp3110 |
| fujitsu | m10-4s_firmware | < xcp2410 | xcp2410 |
| fujitsu | m10-4s_firmware | < xcp3110 | xcp3110 |
| fujitsu | m12-1_firmware | < xcp2410 | xcp2410 |
| fujitsu | m12-1_firmware | < xcp3110 | xcp3110 |
| fujitsu | m12-2_firmware | < xcp2410 | xcp2410 |
| fujitsu | m12-2_firmware | < xcp3110 | xcp3110 |
| fujitsu | m12-2s_firmware | < xcp2410 | xcp2410 |
| fujitsu | m12-2s_firmware | < xcp3110 | xcp3110 |
| haxx | curl | >= 0 < 7.74.0-1 | 7.74.0-1 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH