First published: Mon Nov 30 2020(Updated: )
curl: CVE-2020-8285. A buffer overflow (stack exhaustion through unbounded recursion in libcurl's FTP wildcard matching) was addressed with improved input validation.
Credit: xnynx (reported via HackerOne, support@hackerone.com)
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jbcs-httpd24 | <0:1-18.el8 | 0:1-18.el8 |
redhat/jbcs-httpd24-apr | <0:1.6.3-105.el8 | 0:1.6.3-105.el8 |
redhat/jbcs-httpd24-apr-util | <0:1.6.1-82.el8 | 0:1.6.1-82.el8 |
redhat/jbcs-httpd24-brotli | <0:1.0.6-40.el8 | 0:1.0.6-40.el8 |
redhat/jbcs-httpd24-curl | <0:7.77.0-2.el8 | 0:7.77.0-2.el8 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-74.el8 | 0:2.4.37-74.el8 |
redhat/jbcs-httpd24-jansson | <0:2.11-55.el8 | 0:2.11-55.el8 |
redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-37.el8 | 0:1.39.2-37.el8 |
redhat/jbcs-httpd24-openssl | <1:1.1.1g-6.el8 | 1:1.1.1g-6.el8 |
redhat/jbcs-httpd24-openssl-chil | <0:1.0.0-5.el8 | 0:1.0.0-5.el8 |
redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-20.el8 | 0:0.4.10-20.el8 |
redhat/jbcs-httpd24 | <0:1-18.jbcs.el7 | 0:1-18.jbcs.el7 |
redhat/jbcs-httpd24-apr | <0:1.6.3-105.jbcs.el7 | 0:1.6.3-105.jbcs.el7 |
redhat/jbcs-httpd24-apr-util | <0:1.6.1-82.jbcs.el7 | 0:1.6.1-82.jbcs.el7 |
redhat/jbcs-httpd24-curl | <0:7.77.0-2.jbcs.el7 | 0:7.77.0-2.jbcs.el7 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-74.jbcs.el7 | 0:2.4.37-74.jbcs.el7 |
redhat/jbcs-httpd24-jansson | <0:2.11-55.jbcs.el7 | 0:2.11-55.jbcs.el7 |
redhat/curl | <0:7.61.1-18.el8 | 0:7.61.1-18.el8 |
debian/curl | <=7.72.0-1, <=7.64.0-4+deb10u1, <=7.64.0-4 | 7.64.0-4+deb10u2, 7.64.0-4+deb10u7, 7.74.0-1.3+deb11u9, 7.74.0-1.3+deb11u10, 7.88.1-10+deb12u3, 7.88.1-10+deb12u4, 8.4.0-2 |
IBM Cloud Pak for Security (CP4S) | <=1.7.2.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.1.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.0.0 | |
Apple Mojave | ||
Apple Catalina | ||
Haxx Libcurl | >=7.21.0<7.74.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Fedoraproject Fedora | =32 | |
Fedoraproject Fedora | =33 | |
NetApp Clustered Data ONTAP | ||
Netapp Hci Management Node | ||
Netapp Solidfire | ||
Netapp Hci Bootstrap Os | ||
Netapp Hci Compute Node | ||
Netapp Hci Storage Node Firmware | ||
Netapp Hci Storage Node | ||
Apple Mac OS X | <10.14.6 | |
Apple Mac OS X | >=10.15<10.15.7 | |
Apple Mac OS X | =10.14.6 | |
Apple Mac OS X | =10.14.6-security_update_2019-001 | |
Apple Mac OS X | =10.14.6-security_update_2019-002 | |
Apple Mac OS X | =10.14.6-security_update_2020-001 | |
Apple Mac OS X | =10.14.6-security_update_2020-002 | |
Apple Mac OS X | =10.14.6-security_update_2020-003 | |
Apple Mac OS X | =10.14.6-security_update_2020-004 | |
Apple Mac OS X | =10.14.6-security_update_2020-005 | |
Apple Mac OS X | =10.14.6-security_update_2020-006 | |
Apple Mac OS X | =10.14.6-security_update_2020-007 | |
Apple Mac OS X | =10.14.6-security_update_2021-001 | |
Apple Mac OS X | =10.15.7 | |
Apple Mac OS X | =10.15.7-security_update_2020-001 | |
Apple Mac OS X | =10.15.7-security_update_2021-001 | |
Apple Mac OS X | =10.15.7-supplemental_update | |
Apple macOS | >=11.0<11.3 | |
Oracle Communications Billing and Revenue Management | =12.0.0.3.0 | |
Oracle Communications Cloud Native Core Policy | =1.14.0 | |
Oracle Essbase | =21.2 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
Fujitsu M10-1 Firmware | <xcp2410 | |
Fujitsu M10-1 | ||
Fujitsu M10-4 Firmware | <xcp2410 | |
Fujitsu M10-4 | ||
Fujitsu M10-4s Firmware | <xcp2410 | |
Fujitsu M10-4s | ||
Fujitsu M12-1 Firmware | <xcp2410 | |
Fujitsu M12-1 | ||
Fujitsu M12-2 Firmware | <xcp2410 | |
Fujitsu M12-2 | ||
Fujitsu M12-2s Firmware | <xcp2410 | |
Fujitsu M12-2s | ||
Fujitsu M10-1 Firmware | <xcp3110 | |
Fujitsu M10-4 Firmware | <xcp3110 | |
Fujitsu M10-4s Firmware | <xcp3110 | |
Fujitsu M12-1 Firmware | <xcp3110 | |
Fujitsu M12-2 Firmware | <xcp3110 | |
Fujitsu M12-2s Firmware | <xcp3110 | |
Siemens Sinec Infrastructure Network Services | <1.0.1.1 | |
Apple macOS Big Sur | <11.3 | 11.3 |
redhat/curl | <7.74.0 | 7.74.0 |
Splunk Universal Forwarder | >=8.2.0<8.2.12 | |
Splunk Universal Forwarder | >=9.0.0<9.0.6 | |
Splunk Universal Forwarder | =9.1.0 | |
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
CVE-2020-8285 is a buffer overflow in curl. libcurl's FTP wildcard matching (enabled with CURLOPT_WILDCARDMATCH) recursed once for every directory entry that the application's CURLOPT_CHUNK_BGN_FUNCTION callback asked it to skip, so a malicious FTP server that returns a large enough directory listing could exhaust the stack and crash the application. The directory contents are not kept on the stack, so the practical impact is denial of service; the 7.74.0 fix makes the wildcard state machine loop instead of recurse, which vendor advisories describe as improved input validation.
The severity of CVE-2020-8285 is medium, with a CVSS 3.x base score of 6.5 (network reachable, no privileges required, user interaction required, impact limited to availability).
The affected upstream versions are curl/libcurl 7.21.0 through 7.73.0 (the issue was fixed in 7.74.0). For the Red Hat builds in the table, the affected versions are those earlier than the fixed packages: jbcs-httpd24-curl earlier than 0:7.77.0-2.el8 and 0:7.77.0-2.jbcs.el7, and RHEL 8 curl earlier than 0:7.61.1-18.el8.
To fix CVE-2020-8285, update curl to version 7.74.0 or later, or install your distribution's backported fix (the Red Hat and Debian package versions listed above), which keeps the upstream version number but carries the patch. Exposure is limited to applications that enable wildcard matching against FTP servers they do not control, which is the criterion to use when prioritising the update.
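The following triage script is an added example, not part of the original advisory or of the curl project. It classifies a `curl -V` dump against the affected range (7.21.0 up to and including 7.73.0, fixed in 7.74.0), using the `libcurl/x.y.z` token rather than the leading tool version because the bug lives in the library, and treats a build whose `Protocols:` line lacks ftp/ftps as unreachable for this bug. The sample dumps are constructed for the example and mirror the `curl -V` layout; the verdict strings are this script's own.

```python
import re

# CVE-2020-8285: libcurl's FTP wildcard matching recursed once per skipped
# directory entry and could exhaust the stack. Upstream affected range per
# the curl advisory: 7.21.0 (wildcard matching introduced) to 7.73.0.
AFFECTED_FROM = (7, 21, 0)
FIXED_IN = (7, 74, 0)

_LIBCURL_RE = re.compile(r"\blibcurl/(\d+)\.(\d+)\.(\d+)")
_PROTOCOLS_RE = re.compile(r"^Protocols:\s*(.*)$", re.MULTILINE)


def parse_version(text):
    """Return the libcurl version from `curl -V` output as an int tuple."""
    m = _LIBCURL_RE.search(text)
    if not m:
        raise ValueError("no libcurl/x.y.z token in curl -V output")
    return tuple(int(x) for x in m.groups())


def parse_protocols(text):
    """Return the set of protocols the build supports (empty if absent)."""
    m = _PROTOCOLS_RE.search(text)
    return set(m.group(1).split()) if m else set()


def assess(text):
    """Classify a `curl -V` dump; returns (verdict, human-readable detail).

    A version inside the range is reported as 'affected-unless-backported'
    because distributions (RHEL 8's 7.61.1-18.el8, Debian's 7.64.0-4+deb10u2)
    ship the patch without bumping the upstream version.
    """
    v = parse_version(text)
    ver = ".".join(map(str, v))
    if v >= FIXED_IN:
        return "fixed", f"libcurl {ver} is 7.74.0 or later"
    if v < AFFECTED_FROM:
        return "not-affected", f"libcurl {ver} predates wildcard matching"
    if not parse_protocols(text) & {"ftp", "ftps"}:
        return "not-reachable", f"libcurl {ver} is in range but built without FTP"
    return "affected-unless-backported", (
        f"libcurl {ver} is in 7.21.0..7.73.0; confirm a vendor backport with "
        "'rpm -q --changelog curl | grep CVE-2020-8285' or 'apt changelog curl'"
    )


# Constructed sample dumps in the `curl -V` layout (not captured from real hosts).
SAMPLE_IN_RANGE = """curl 7.68.0 (x86_64-pc-linux-gnu) libcurl/7.68.0 OpenSSL/1.1.1f zlib/1.2.11
Release-Date: 2020-01-08
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s smtp smtps telnet tftp
Features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM SSL UnixSockets
"""

SAMPLE_FIXED = """curl 7.74.0 (x86_64-pc-linux-gnu) libcurl/7.74.0 OpenSSL/1.1.1i zlib/1.2.11
Protocols: dict file ftp ftps http https
Features: AsynchDNS IPv6 Largefile libz SSL
"""

SAMPLE_NO_FTP = """curl 7.72.0 (x86_64-pc-linux-gnu) libcurl/7.72.0 OpenSSL/1.1.1g
Protocols: file http https
Features: IPv6 Largefile SSL
"""

SAMPLE_OLD = """curl 7.20.1 (i686-pc-linux-gnu) libcurl/7.20.1 OpenSSL/0.9.8
Protocols: dict file ftp http https
"""

if __name__ == "__main__":
    for name, dump in [("in-range", SAMPLE_IN_RANGE), ("fixed", SAMPLE_FIXED),
                       ("no-ftp", SAMPLE_NO_FTP), ("old", SAMPLE_OLD)]:
        verdict, detail = assess(dump)
        print(f"{name:9s} -> {verdict}: {detail}")
```

Feed it a live host with `curl -V | python3 triage.py`-style piping by reading `sys.stdin` into `assess()`; the "affected-unless-backported" verdict is deliberately not "vulnerable", since the package changelog, not the version string, is what settles a backport.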