CVE-2020-8286
First published: Wed Dec 09 2020(Updated: )
curl. This issue was addressed with improved checks.
Credit: an anonymous researcher an anonymous researcher support@hackerone.com an anonymous researcher support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/jbcs-httpd24 | <0:1-18.el8 | 0:1-18.el8 |
| redhat/jbcs-httpd24-apr | <0:1.6.3-105.el8 | 0:1.6.3-105.el8 |
| redhat/jbcs-httpd24-apr-util | <0:1.6.1-82.el8 | 0:1.6.1-82.el8 |
| redhat/jbcs-httpd24-brotli | <0:1.0.6-40.el8 | 0:1.0.6-40.el8 |
| redhat/jbcs-httpd24-curl | <0:7.77.0-2.el8 | 0:7.77.0-2.el8 |
| redhat/jbcs-httpd24-httpd | <0:2.4.37-74.el8 | 0:2.4.37-74.el8 |
| redhat/jbcs-httpd24-jansson | <0:2.11-55.el8 | 0:2.11-55.el8 |
| redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-37.el8 | 0:1.39.2-37.el8 |
| redhat/jbcs-httpd24-openssl | <1:1.1.1g-6.el8 | 1:1.1.1g-6.el8 |
| redhat/jbcs-httpd24-openssl-chil | <0:1.0.0-5.el8 | 0:1.0.0-5.el8 |
| redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-20.el8 | 0:0.4.10-20.el8 |
| redhat/jbcs-httpd24 | <0:1-18.jbcs.el7 | 0:1-18.jbcs.el7 |
| redhat/jbcs-httpd24-apr | <0:1.6.3-105.jbcs.el7 | 0:1.6.3-105.jbcs.el7 |
| redhat/jbcs-httpd24-apr-util | <0:1.6.1-82.jbcs.el7 | 0:1.6.1-82.jbcs.el7 |
| redhat/jbcs-httpd24-curl | <0:7.77.0-2.jbcs.el7 | 0:7.77.0-2.jbcs.el7 |
| redhat/jbcs-httpd24-httpd | <0:2.4.37-74.jbcs.el7 | 0:2.4.37-74.jbcs.el7 |
| redhat/jbcs-httpd24-jansson | <0:2.11-55.jbcs.el7 | 0:2.11-55.jbcs.el7 |
| redhat/curl | <0:7.61.1-18.el8 | 0:7.61.1-18.el8 |
| debian/curl | 7.64.0-4+deb10u2 7.64.0-4+deb10u7 7.74.0-1.3+deb11u9 7.74.0-1.3+deb11u10 7.88.1-10+deb12u3 7.88.1-10+deb12u4 8.4.0-2 | |
| debian/curl | <=7.64.0-4+deb10u1<=7.72.0-1<=7.64.0-4 | |
| redhat/curl | <7.74.0 | 7.74.0 |
| Apple macOS | <11.3 | 11.3 |
| macOS Catalina | ||
| macOS Mojave | ||
| IBM Cloud Pak for Security | <=1.7.2.0 | |
| IBM Cloud Pak for Security | <=1.7.1.0 | |
| IBM Cloud Pak for Security | <=1.7.0.0 | |
| libcurl | >=7.41.0<7.74.0 | |
| Red Hat Fedora | =32 | |
| Red Hat Fedora | =33 | |
| Debian Linux | =9.0 | |
| Debian Linux | =10.0 | |
| IBM Data ONTAP | ||
| NetApp SolidFire & HCI Management Node | ||
| NetApp SolidFire & HCI Storage Node | ||
| All of | ||
| NetApp Bootstrap OS | ||
| NetApp HCI Compute Node | ||
| All of | ||
| NetApp HCI Storage Nodes | ||
| NetApp HCI Storage Nodes | ||
| Apple iOS and macOS | <10.14.6 | |
| Apple iOS and macOS | >=10.15<10.15.7 | |
| Apple iOS and macOS | =10.14.6 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-001 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-002 | |
| Apple iOS and macOS | =10.14.6-security_update_2020-001 | |
| Apple iOS and macOS | =10.14.6-security_update_2020-002 | |
| Apple iOS and macOS | =10.14.6-security_update_2020-003 | |
| Apple iOS and macOS | =10.14.6-security_update_2020-004 | |
| Apple iOS and macOS | =10.14.6-security_update_2020-005 | |
| Apple iOS and macOS | =10.14.6-security_update_2020-006 | |
| Apple iOS and macOS | =10.14.6-security_update_2020-007 | |
| Apple iOS and macOS | =10.14.6-security_update_2021-001 | |
| Apple iOS and macOS | =10.15.7 | |
| Apple iOS and macOS | =10.15.7-security_update_2020-001 | |
| Apple iOS and macOS | =10.15.7-security_update_2021-001 | |
| Apple iOS and macOS | =10.15.7-supplemental_update | |
| macOS | >=11.0<11.3 | |
| All of | ||
| Siemens TIM 1531 IRC Firmware | <=2.2 | |
| Siemens Simatic TIM 1531 IRC Firmware | ||
| Siemens SINEC Infrastructure Network Services | <1.0.1.1 | |
| Oracle Communications Billing and Revenue Management | =12.0.0.3.0 | |
| Oracle Communications Cloud Native Core Policy | =1.14.0 | |
| Oracle Hyperion Essbase | =21.2 | |
| Oracle PeopleTools | =8.58 | |
| Splunk Universal Forwarder | >=8.2.0<8.2.12 | |
| Splunk Universal Forwarder | >=9.0.0<9.0.6 | |
| Splunk Universal Forwarder | =9.1.0 | |
| NetApp Bootstrap OS | ||
| NetApp HCI Compute Node | ||
| NetApp HCI Storage Nodes | ||
| NetApp HCI Storage Nodes | ||
| Siemens TIM 1531 IRC Firmware | <=2.2 | |
| Siemens Simatic TIM 1531 IRC Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-8286 https://nvd.nist.gov/vuln/detail/CVE-2020-8286 https://curl.se/docs/CVE-2020-8286.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1906096
- https://access.redhat.com/errata/RHSA-2021:2472
- https://access.redhat.com/errata/RHSA-2021:1610
- https://access.redhat.com/errata/RHSA-2021:2471
- https://access.redhat.com/security/cve/cve-2020-8286
- https://curl.se/docs/CVE-2020-8286.html
- https://github.com/curl/curl/commit/d9d01672785b8ac04aab1abb6de95fe3072ae199
- https://security-tracker.debian.org/tracker/CVE-2020-8286
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286
- https://security-tracker.debian.org/tracker/CVE-2020-8285
- https://curl.se/docs/CVE-2020-8285.html
- https://security-tracker.debian.org/tracker/CVE-2020-8284
- https://curl.se/docs/CVE-2020-8284.html
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977161
- https://exchange.xforce.ibmcloud.com/vulnerabilities/192856
- https://www.ibm.com/support/pages/node/6493729 (Advisory)
- https://support.apple.com/en-us/HT212327 (Advisory)
- https://support.apple.com/en-us/HT212326 (Advisory)
- http://seclists.org/fulldisclosure/2021/Apr/50
- http://seclists.org/fulldisclosure/2021/Apr/51
- http://seclists.org/fulldisclosure/2021/Apr/54
- https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://hackerone.com/reports/1048457
- https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/
- https://security.gentoo.org/glsa/202012-14
- https://security.netapp.com/advisory/ntap-20210122-0007/
- https://support.apple.com/kb/HT212325
- https://support.apple.com/kb/HT212326
- https://support.apple.com/kb/HT212327
- https://www.debian.org/security/2021/dsa-4881
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://support.apple.com/en-us/HT212325 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1906098
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1906099
- https://github.com/curl/curl/commit/d9d01672785b
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-1853
- CVE-2021-1849
- CVE-2021-1867
- CVE-2021-1810
- CVE-2021-1808
- CVE-2021-1857
- CVE-2021-30752
- CVE-2021-30664
- CVE-2021-1846
- CVE-2021-1809
- CVE-2021-30659
- CVE-2021-1847
- CVE-2021-1811
- CVE-2020-8284
- CVE-2020-8286
- CVE-2020-8285
- CVE-2021-1784
- CVE-2021-1872
- CVE-2021-1881
- CVE-2021-1882
- CVE-2021-1813
- CVE-2021-1883
- CVE-2021-1884
- CVE-2021-1880
- CVE-2021-30653
- CVE-2021-1814
- CVE-2021-1843
- CVE-2021-1885
- CVE-2021-1858
- CVE-2021-30743
- CVE-2021-30658
- CVE-2021-1841
- CVE-2021-1834
- CVE-2021-1860
- CVE-2021-1840
- CVE-2021-1851
- CVE-2021-1832
- CVE-2021-30660
- CVE-2021-30652
- CVE-2021-1875
- CVE-2021-1824
- CVE-2021-1859
- CVE-2021-1876
- CVE-2021-1815
- CVE-2021-1739
- CVE-2021-1740
- CVE-2021-1861
- CVE-2021-1855
- CVE-2021-1868
- CVE-2021-30750
- CVE-2021-1878
- CVE-2021-30657
- CVE-2021-30856
- CVE-2020-8037
- CVE-2021-1839
- CVE-2021-1825
- CVE-2021-1817
- CVE-2021-1826
- CVE-2021-1820
- CVE-2021-30661
- CVE-2020-7463
- CVE-2021-1828
- CVE-2021-1829
- CVE-2021-30655
- CVE-2021-1770
- CVE-2021-1873
- CVE-2021-1797
- CVE-2020-27942
- CVE-2020-3838
- CVE-2021-1805
- CVE-2021-1806
Frequently Asked Questions
What is the CVE ID of this vulnerability?
CVE-2020-8286
What is the severity level of CVE-2020-8286?
High
What software is affected by CVE-2020-8286?
curl
How can I fix CVE-2020-8286?
Upgrade to version 7.74.0 or later for curl.
Where can I find more information about CVE-2020-8286?
You can find more information about CVE-2020-8286 at the following references: [link1](https://support.apple.com/en-us/HT212326), [link2](https://support.apple.com/en-us/HT212327), [link3](https://support.apple.com/en-us/HT212325).
- collector/redhat-cve
- collector/security-tracker-debian
- collector/debian-bugs
- alias/CVE-2020-8286
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- agent/remedy
- agent/severity
- agent/weakness
- agent/description
- agent/references
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/source
- collector/ibm-support
- source/IBM
- collector/nvd-api
- source/NVD
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/apple
- canonical/apple macos
- canonical/macos catalina
- canonical/macos mojave
- vendor/ibm
- canonical/ibm cloud pak for security
- version/ibm cloud pak for security/1.7.2.0
- version/ibm cloud pak for security/1.7.1.0
- version/ibm cloud pak for security/1.7.0.0
- vendor/haxx
- canonical/libcurl
- version/libcurl/7.41.0
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/32
- version/red hat fedora/33
- vendor/debian
- canonical/debian linux
- version/debian linux/9.0
- version/debian linux/10.0
- vendor/netapp
- canonical/ibm data ontap
- canonical/netapp solidfire & hci management node
- canonical/netapp solidfire & hci storage node
- canonical/netapp bootstrap os
- canonical/netapp hci compute node
- canonical/netapp hci storage nodes
- canonical/apple ios and macos
- version/apple ios and macos/10.15
- version/apple ios and macos/10.14.6
- version/apple ios and macos/10.14.6-security_update_2019-001
- version/apple ios and macos/10.14.6-security_update_2019-002
- version/apple ios and macos/10.14.6-security_update_2020-001
- version/apple ios and macos/10.14.6-security_update_2020-002
- version/apple ios and macos/10.14.6-security_update_2020-003
- version/apple ios and macos/10.14.6-security_update_2020-004
- version/apple ios and macos/10.14.6-security_update_2020-005
- version/apple ios and macos/10.14.6-security_update_2020-006
- version/apple ios and macos/10.14.6-security_update_2020-007
- version/apple ios and macos/10.14.6-security_update_2021-001
- version/apple ios and macos/10.15.7
- version/apple ios and macos/10.15.7-security_update_2020-001
- version/apple ios and macos/10.15.7-security_update_2021-001
- version/apple ios and macos/10.15.7-supplemental_update
- canonical/macos
- version/macos/11.0
- vendor/siemens
- canonical/siemens tim 1531 irc firmware
- version/siemens tim 1531 irc firmware/2.2
- canonical/siemens simatic tim 1531 irc firmware
- canonical/siemens sinec infrastructure network services
- vendor/oracle
- canonical/oracle communications billing and revenue management
- version/oracle communications billing and revenue management/12.0.0.3.0
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/1.14.0
- canonical/oracle hyperion essbase
- version/oracle hyperion essbase/21.2
- canonical/oracle peopletools
- version/oracle peopletools/8.58
- vendor/splunk
- canonical/splunk universal forwarder
- version/splunk universal forwarder/8.2.0
- version/splunk universal forwarder/9.0.0
- version/splunk universal forwarder/9.1.0