// For flags

CVE-2020-8285

curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

curl versiones 7.21.0 hasta 7.73.0 e incluyéndola, es vulnerable a una recursividad no controlada debido a un problema de desbordamiento de la pila en el análisis de coincidencias del comodín FTP

Libcurl offers a wildcard matching functionality, which allows a callback (set with `CURLOPT_CHUNK_BGN_FUNCTION`) to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. When this callback returns `CURL_CHUNK_BGN_FUNC_SKIP`, to tell libcurl to not deal with that file, the internal function in libcurl then calls itself recursively to handle the next directory entry. If there's a sufficient amount of file entries and if the callback returns "skip" enough number of times, libcurl runs out of stack space. The exact amount will of course vary with platforms, compilers and other environmental factors.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-28 CVE Reserved
  • 2020-12-09 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-11-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-121: Stack-based Buffer Overflow
  • CWE-674: Uncontrolled Recursion
  • CWE-787: Out-of-bounds Write
CAPEC
References (21)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Netapp
Search vendor "Netapp"
Hci Bootstrap Os
Search vendor "Netapp" for product "Hci Bootstrap Os"
--
Affected
in Netapp
Search vendor "Netapp"
Hci Compute Node
Search vendor "Netapp" for product "Hci Compute Node"
--
Safe
Netapp
Search vendor "Netapp"
Hci Storage Node Firmware
Search vendor "Netapp" for product "Hci Storage Node Firmware"
--
Affected
in Netapp
Search vendor "Netapp"
Hci Storage Node
Search vendor "Netapp" for product "Hci Storage Node"
--
Safe
Fujitsu
Search vendor "Fujitsu"
M10-1 Firmware
Search vendor "Fujitsu" for product "M10-1 Firmware"
< xcp2410
Search vendor "Fujitsu" for product "M10-1 Firmware" and version " < xcp2410"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
M10-1
Search vendor "Fujitsu" for product "M10-1"
--
Safe
Fujitsu
Search vendor "Fujitsu"
M10-4 Firmware
Search vendor "Fujitsu" for product "M10-4 Firmware"
< xcp2410
Search vendor "Fujitsu" for product "M10-4 Firmware" and version " < xcp2410"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
M10-4
Search vendor "Fujitsu" for product "M10-4"
--
Safe
Fujitsu
Search vendor "Fujitsu"
M10-4s Firmware
Search vendor "Fujitsu" for product "M10-4s Firmware"
< xcp2410
Search vendor "Fujitsu" for product "M10-4s Firmware" and version " < xcp2410"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
M10-4s
Search vendor "Fujitsu" for product "M10-4s"
--
Safe
Fujitsu
Search vendor "Fujitsu"
M12-1 Firmware
Search vendor "Fujitsu" for product "M12-1 Firmware"
< xcp2410
Search vendor "Fujitsu" for product "M12-1 Firmware" and version " < xcp2410"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
M12-1
Search vendor "Fujitsu" for product "M12-1"
--
Safe
Fujitsu
Search vendor "Fujitsu"
M12-2 Firmware
Search vendor "Fujitsu" for product "M12-2 Firmware"
< xcp2410
Search vendor "Fujitsu" for product "M12-2 Firmware" and version " < xcp2410"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
M12-2
Search vendor "Fujitsu" for product "M12-2"
--
Safe
Fujitsu
Search vendor "Fujitsu"
M12-2s Firmware
Search vendor "Fujitsu" for product "M12-2s Firmware"
< xcp2410
Search vendor "Fujitsu" for product "M12-2s Firmware" and version " < xcp2410"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
M12-2s
Search vendor "Fujitsu" for product "M12-2s"
--
Safe
Fujitsu
Search vendor "Fujitsu"
M10-1 Firmware
Search vendor "Fujitsu" for product "M10-1 Firmware"
< xcp3110
Search vendor "Fujitsu" for product "M10-1 Firmware" and version " < xcp3110"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
M10-1
Search vendor "Fujitsu" for product "M10-1"
--
Safe
Fujitsu
Search vendor "Fujitsu"
M10-4 Firmware
Search vendor "Fujitsu" for product "M10-4 Firmware"
< xcp3110
Search vendor "Fujitsu" for product "M10-4 Firmware" and version " < xcp3110"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
M10-4
Search vendor "Fujitsu" for product "M10-4"
--
Safe
Fujitsu
Search vendor "Fujitsu"
M10-4s Firmware
Search vendor "Fujitsu" for product "M10-4s Firmware"
< xcp3110
Search vendor "Fujitsu" for product "M10-4s Firmware" and version " < xcp3110"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
M10-4s
Search vendor "Fujitsu" for product "M10-4s"
--
Safe
Fujitsu
Search vendor "Fujitsu"
M12-1 Firmware
Search vendor "Fujitsu" for product "M12-1 Firmware"
< xcp3110
Search vendor "Fujitsu" for product "M12-1 Firmware" and version " < xcp3110"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
M12-1
Search vendor "Fujitsu" for product "M12-1"
--
Safe
Fujitsu
Search vendor "Fujitsu"
M12-2 Firmware
Search vendor "Fujitsu" for product "M12-2 Firmware"
< xcp3110
Search vendor "Fujitsu" for product "M12-2 Firmware" and version " < xcp3110"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
M12-2
Search vendor "Fujitsu" for product "M12-2"
--
Safe
Fujitsu
Search vendor "Fujitsu"
M12-2s Firmware
Search vendor "Fujitsu" for product "M12-2s Firmware"
< xcp3110
Search vendor "Fujitsu" for product "M12-2s Firmware" and version " < xcp3110"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
M12-2s
Search vendor "Fujitsu" for product "M12-2s"
--
Safe
Haxx
Search vendor "Haxx"
Libcurl
Search vendor "Haxx" for product "Libcurl"
>= 7.21.0 < 7.74.0
Search vendor "Haxx" for product "Libcurl" and version " >= 7.21.0 < 7.74.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
10.0
Search vendor "Debian" for product "Debian Linux" and version "10.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
32
Search vendor "Fedoraproject" for product "Fedora" and version "32"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
33
Search vendor "Fedoraproject" for product "Fedora" and version "33"
-
Affected
Netapp
Search vendor "Netapp"
Clustered Data Ontap
Search vendor "Netapp" for product "Clustered Data Ontap"
--
Affected
Netapp
Search vendor "Netapp"
Hci Management Node
Search vendor "Netapp" for product "Hci Management Node"
--
Affected
Netapp
Search vendor "Netapp"
Solidfire
Search vendor "Netapp" for product "Solidfire"
--
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
< 10.14.6
Search vendor "Apple" for product "Mac Os X" and version " < 10.14.6"
-
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
>= 10.15 < 10.15.7
Search vendor "Apple" for product "Mac Os X" and version " >= 10.15 < 10.15.7"
-
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.14.6
Search vendor "Apple" for product "Mac Os X" and version "10.14.6"
-
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.14.6
Search vendor "Apple" for product "Mac Os X" and version "10.14.6"
security_update_2019-001
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.14.6
Search vendor "Apple" for product "Mac Os X" and version "10.14.6"
security_update_2019-002
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.14.6
Search vendor "Apple" for product "Mac Os X" and version "10.14.6"
security_update_2020-001
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.14.6
Search vendor "Apple" for product "Mac Os X" and version "10.14.6"
security_update_2020-002
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.14.6
Search vendor "Apple" for product "Mac Os X" and version "10.14.6"
security_update_2020-003
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.14.6
Search vendor "Apple" for product "Mac Os X" and version "10.14.6"
security_update_2020-004
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.14.6
Search vendor "Apple" for product "Mac Os X" and version "10.14.6"
security_update_2020-005
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.14.6
Search vendor "Apple" for product "Mac Os X" and version "10.14.6"
security_update_2020-006
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.14.6
Search vendor "Apple" for product "Mac Os X" and version "10.14.6"
security_update_2020-007
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.14.6
Search vendor "Apple" for product "Mac Os X" and version "10.14.6"
security_update_2021-001
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.15.7
Search vendor "Apple" for product "Mac Os X" and version "10.15.7"
-
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.15.7
Search vendor "Apple" for product "Mac Os X" and version "10.15.7"
security_update_2020-001
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.15.7
Search vendor "Apple" for product "Mac Os X" and version "10.15.7"
security_update_2021-001
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.15.7
Search vendor "Apple" for product "Mac Os X" and version "10.15.7"
supplemental_update
Affected
Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
>= 11.0 < 11.3
Search vendor "Apple" for product "Macos" and version " >= 11.0 < 11.3"
-
Affected
Oracle
Search vendor "Oracle"
Communications Billing And Revenue Management
Search vendor "Oracle" for product "Communications Billing And Revenue Management"
12.0.0.3.0
Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "12.0.0.3.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Policy
Search vendor "Oracle" for product "Communications Cloud Native Core Policy"
1.14.0
Search vendor "Oracle" for product "Communications Cloud Native Core Policy" and version "1.14.0"
-
Affected
Oracle
Search vendor "Oracle"
Essbase
Search vendor "Oracle" for product "Essbase"
21.2
Search vendor "Oracle" for product "Essbase" and version "21.2"
-
Affected
Oracle
Search vendor "Oracle"
Peoplesoft Enterprise Peopletools
Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"
8.58
Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.58"
-
Affected
Siemens
Search vendor "Siemens"
Sinec Infrastructure Network Services
Search vendor "Siemens" for product "Sinec Infrastructure Network Services"
< 1.0.1.1
Search vendor "Siemens" for product "Sinec Infrastructure Network Services" and version " < 1.0.1.1"
-
Affected
Splunk
Search vendor "Splunk"
Universal Forwarder
Search vendor "Splunk" for product "Universal Forwarder"
>= 8.2.0 < 8.2.12
Search vendor "Splunk" for product "Universal Forwarder" and version " >= 8.2.0 < 8.2.12"
-
Affected
Splunk
Search vendor "Splunk"
Universal Forwarder
Search vendor "Splunk" for product "Universal Forwarder"
>= 9.0.0 < 9.0.6
Search vendor "Splunk" for product "Universal Forwarder" and version " >= 9.0.0 < 9.0.6"
-
Affected
Splunk
Search vendor "Splunk"
Universal Forwarder
Search vendor "Splunk" for product "Universal Forwarder"
9.1.0
Search vendor "Splunk" for product "Universal Forwarder" and version "9.1.0"
-
Affected