CVE-2020-8285
curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
curl versiones 7.21.0 hasta 7.73.0 e incluyéndola, es vulnerable a una recursividad no controlada debido a un problema de desbordamiento de la pila en el análisis de coincidencias del comodín FTP
Libcurl offers a wildcard matching functionality, which allows a callback (set with `CURLOPT_CHUNK_BGN_FUNCTION`) to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. When this callback returns `CURL_CHUNK_BGN_FUNC_SKIP`, to tell libcurl to not deal with that file, the internal function in libcurl then calls itself recursively to handle the next directory entry. If there's a sufficient amount of file entries and if the callback returns "skip" enough number of times, libcurl runs out of stack space. The exact amount will of course vary with platforms, compilers and other environmental factors.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-28 CVE Reserved
- 2020-12-09 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-11-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-121: Stack-based Buffer Overflow
- CWE-674: Uncontrolled Recursion
- CWE-787: Out-of-bounds Write
CAPEC
References (21)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2021/Apr/51 | Mailing List |
|
| https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | Mailing List | |
| https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | Mailing List | |
| https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20210122-0007 | Third Party Advisory |
|
| https://support.apple.com/kb/HT212325 | Third Party Advisory |
|
| https://support.apple.com/kb/HT212326 | Third Party Advisory |
|
| https://support.apple.com/kb/HT212327 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/curl/curl/issues/6255 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | 2024-03-27 | |
| https://www.oracle.com//security-alerts/cpujul2021.html | 2024-03-27 | |
| https://www.oracle.com/security-alerts/cpuApr2021.html | 2024-03-27 | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | 2024-03-27 | |
| https://www.oracle.com/security-alerts/cpujan2022.html | 2024-03-27 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | Hci Bootstrap Os Search vendor "Netapp" for product "Hci Bootstrap Os" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Hci Compute Node Search vendor "Netapp" for product "Hci Compute Node" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | Hci Storage Node Firmware Search vendor "Netapp" for product "Hci Storage Node Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Hci Storage Node Search vendor "Netapp" for product "Hci Storage Node" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M10-1 Firmware Search vendor "Fujitsu" for product "M10-1 Firmware" | < xcp2410 Search vendor "Fujitsu" for product "M10-1 Firmware" and version " < xcp2410" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-1 Search vendor "Fujitsu" for product "M10-1" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M10-4 Firmware Search vendor "Fujitsu" for product "M10-4 Firmware" | < xcp2410 Search vendor "Fujitsu" for product "M10-4 Firmware" and version " < xcp2410" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-4 Search vendor "Fujitsu" for product "M10-4" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M10-4s Firmware Search vendor "Fujitsu" for product "M10-4s Firmware" | < xcp2410 Search vendor "Fujitsu" for product "M10-4s Firmware" and version " < xcp2410" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-4s Search vendor "Fujitsu" for product "M10-4s" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-1 Firmware Search vendor "Fujitsu" for product "M12-1 Firmware" | < xcp2410 Search vendor "Fujitsu" for product "M12-1 Firmware" and version " < xcp2410" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-1 Search vendor "Fujitsu" for product "M12-1" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-2 Firmware Search vendor "Fujitsu" for product "M12-2 Firmware" | < xcp2410 Search vendor "Fujitsu" for product "M12-2 Firmware" and version " < xcp2410" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-2 Search vendor "Fujitsu" for product "M12-2" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-2s Firmware Search vendor "Fujitsu" for product "M12-2s Firmware" | < xcp2410 Search vendor "Fujitsu" for product "M12-2s Firmware" and version " < xcp2410" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-2s Search vendor "Fujitsu" for product "M12-2s" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M10-1 Firmware Search vendor "Fujitsu" for product "M10-1 Firmware" | < xcp3110 Search vendor "Fujitsu" for product "M10-1 Firmware" and version " < xcp3110" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-1 Search vendor "Fujitsu" for product "M10-1" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M10-4 Firmware Search vendor "Fujitsu" for product "M10-4 Firmware" | < xcp3110 Search vendor "Fujitsu" for product "M10-4 Firmware" and version " < xcp3110" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-4 Search vendor "Fujitsu" for product "M10-4" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M10-4s Firmware Search vendor "Fujitsu" for product "M10-4s Firmware" | < xcp3110 Search vendor "Fujitsu" for product "M10-4s Firmware" and version " < xcp3110" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-4s Search vendor "Fujitsu" for product "M10-4s" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-1 Firmware Search vendor "Fujitsu" for product "M12-1 Firmware" | < xcp3110 Search vendor "Fujitsu" for product "M12-1 Firmware" and version " < xcp3110" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-1 Search vendor "Fujitsu" for product "M12-1" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-2 Firmware Search vendor "Fujitsu" for product "M12-2 Firmware" | < xcp3110 Search vendor "Fujitsu" for product "M12-2 Firmware" and version " < xcp3110" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-2 Search vendor "Fujitsu" for product "M12-2" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-2s Firmware Search vendor "Fujitsu" for product "M12-2s Firmware" | < xcp3110 Search vendor "Fujitsu" for product "M12-2s Firmware" and version " < xcp3110" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-2s Search vendor "Fujitsu" for product "M12-2s" | - | - |
Safe
|
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | >= 7.21.0 < 7.74.0 Search vendor "Haxx" for product "Libcurl" and version " >= 7.21.0 < 7.74.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Management Node Search vendor "Netapp" for product "Hci Management Node" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire Search vendor "Netapp" for product "Solidfire" | - | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | < 10.14.6 Search vendor "Apple" for product "Mac Os X" and version " < 10.14.6" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | >= 10.15 < 10.15.7 Search vendor "Apple" for product "Mac Os X" and version " >= 10.15 < 10.15.7" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.14.6 Search vendor "Apple" for product "Mac Os X" and version "10.14.6" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.14.6 Search vendor "Apple" for product "Mac Os X" and version "10.14.6" | security_update_2019-001 |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.14.6 Search vendor "Apple" for product "Mac Os X" and version "10.14.6" | security_update_2019-002 |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.14.6 Search vendor "Apple" for product "Mac Os X" and version "10.14.6" | security_update_2020-001 |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.14.6 Search vendor "Apple" for product "Mac Os X" and version "10.14.6" | security_update_2020-002 |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.14.6 Search vendor "Apple" for product "Mac Os X" and version "10.14.6" | security_update_2020-003 |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.14.6 Search vendor "Apple" for product "Mac Os X" and version "10.14.6" | security_update_2020-004 |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.14.6 Search vendor "Apple" for product "Mac Os X" and version "10.14.6" | security_update_2020-005 |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.14.6 Search vendor "Apple" for product "Mac Os X" and version "10.14.6" | security_update_2020-006 |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.14.6 Search vendor "Apple" for product "Mac Os X" and version "10.14.6" | security_update_2020-007 |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.14.6 Search vendor "Apple" for product "Mac Os X" and version "10.14.6" | security_update_2021-001 |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.15.7 Search vendor "Apple" for product "Mac Os X" and version "10.15.7" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.15.7 Search vendor "Apple" for product "Mac Os X" and version "10.15.7" | security_update_2020-001 |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.15.7 Search vendor "Apple" for product "Mac Os X" and version "10.15.7" | security_update_2021-001 |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.15.7 Search vendor "Apple" for product "Mac Os X" and version "10.15.7" | supplemental_update |
Affected
| ||||||
| Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | >= 11.0 < 11.3 Search vendor "Apple" for product "Macos" and version " >= 11.0 < 11.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Billing And Revenue Management Search vendor "Oracle" for product "Communications Billing And Revenue Management" | 12.0.0.3.0 Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "12.0.0.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Policy Search vendor "Oracle" for product "Communications Cloud Native Core Policy" | 1.14.0 Search vendor "Oracle" for product "Communications Cloud Native Core Policy" and version "1.14.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Essbase Search vendor "Oracle" for product "Essbase" | 21.2 Search vendor "Oracle" for product "Essbase" and version "21.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" | 8.58 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.58" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Sinec Infrastructure Network Services Search vendor "Siemens" for product "Sinec Infrastructure Network Services" | < 1.0.1.1 Search vendor "Siemens" for product "Sinec Infrastructure Network Services" and version " < 1.0.1.1" | - |
Affected
| ||||||
| Splunk Search vendor "Splunk" | Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder" | >= 8.2.0 < 8.2.12 Search vendor "Splunk" for product "Universal Forwarder" and version " >= 8.2.0 < 8.2.12" | - |
Affected
| ||||||
| Splunk Search vendor "Splunk" | Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder" | >= 9.0.0 < 9.0.6 Search vendor "Splunk" for product "Universal Forwarder" and version " >= 9.0.0 < 9.0.6" | - |
Affected
| ||||||
| Splunk Search vendor "Splunk" | Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder" | 9.1.0 Search vendor "Splunk" for product "Universal Forwarder" and version "9.1.0" | - |
Affected
| ||||||