csaf_redhat - rhsa-2021:1610

rhsa-2021:1610

Vulnerability from csaf_redhat

Published

2021-05-18 15:28

Modified

2025-02-28 08:53

Summary

Red Hat Security Advisory: curl security and bug fix update

Notes

Topic

An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284) * curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285) * curl: Inferior OCSP verification (CVE-2020-8286) * curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set (CVE-2020-8231) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://access.redhat.com/security/updates/classification/",
         text: "Moderate",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright © Red Hat, Inc. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "An update for curl is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
            title: "Topic",
         },
         {
            category: "general",
            text: "The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es):\n\n* curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)\n\n* curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)\n\n* curl: Inferior OCSP verification (CVE-2020-8286)\n\n* curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set (CVE-2020-8231)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.",
            title: "Details",
         },
         {
            category: "legal_disclaimer",
            text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
            title: "Terms of Use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://access.redhat.com/security/team/contact/",
         issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
         name: "Red Hat Product Security",
         namespace: "https://www.redhat.com",
      },
      references: [
         {
            category: "self",
            summary: "https://access.redhat.com/errata/RHSA-2021:1610",
            url: "https://access.redhat.com/errata/RHSA-2021:1610",
         },
         {
            category: "external",
            summary: "https://access.redhat.com/security/updates/classification/#moderate",
            url: "https://access.redhat.com/security/updates/classification/#moderate",
         },
         {
            category: "external",
            summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/",
            url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/",
         },
         {
            category: "external",
            summary: "1868032",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1868032",
         },
         {
            category: "external",
            summary: "1873327",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1873327",
         },
         {
            category: "external",
            summary: "1895391",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1895391",
         },
         {
            category: "external",
            summary: "1902667",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1902667",
         },
         {
            category: "external",
            summary: "1902687",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1902687",
         },
         {
            category: "external",
            summary: "1906096",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1906096",
         },
         {
            category: "external",
            summary: "1918692",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1918692",
         },
         {
            category: "self",
            summary: "Canonical URL",
            url: "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1610.json",
         },
      ],
      title: "Red Hat Security Advisory: curl security and bug fix update",
      tracking: {
         current_release_date: "2025-02-28T08:53:58+00:00",
         generator: {
            date: "2025-02-28T08:53:58+00:00",
            engine: {
               name: "Red Hat SDEngine",
               version: "4.3.1",
            },
         },
         id: "RHSA-2021:1610",
         initial_release_date: "2021-05-18T15:28:08+00:00",
         revision_history: [
            {
               date: "2021-05-18T15:28:08+00:00",
               number: "1",
               summary: "Initial version",
            },
            {
               date: "2021-05-18T15:28:08+00:00",
               number: "2",
               summary: "Last updated version",
            },
            {
               date: "2025-02-28T08:53:58+00:00",
               number: "3",
               summary: "Last generated version",
            },
         ],
         status: "final",
         version: "3",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux BaseOS (v. 8)",
                        product: {
                           name: "Red Hat Enterprise Linux BaseOS (v. 8)",
                           product_id: "BaseOS-8.4.0.GA",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:8::baseos",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "Red Hat Enterprise Linux",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "curl-0:7.61.1-18.el8.src",
                        product: {
                           name: "curl-0:7.61.1-18.el8.src",
                           product_id: "curl-0:7.61.1-18.el8.src",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl@7.61.1-18.el8?arch=src",
                           },
                        },
                     },
                  ],
                  category: "architecture",
                  name: "src",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "curl-0:7.61.1-18.el8.aarch64",
                        product: {
                           name: "curl-0:7.61.1-18.el8.aarch64",
                           product_id: "curl-0:7.61.1-18.el8.aarch64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl@7.61.1-18.el8?arch=aarch64",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-0:7.61.1-18.el8.aarch64",
                        product: {
                           name: "libcurl-0:7.61.1-18.el8.aarch64",
                           product_id: "libcurl-0:7.61.1-18.el8.aarch64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl@7.61.1-18.el8?arch=aarch64",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-devel-0:7.61.1-18.el8.aarch64",
                        product: {
                           name: "libcurl-devel-0:7.61.1-18.el8.aarch64",
                           product_id: "libcurl-devel-0:7.61.1-18.el8.aarch64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-devel@7.61.1-18.el8?arch=aarch64",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-minimal-0:7.61.1-18.el8.aarch64",
                        product: {
                           name: "libcurl-minimal-0:7.61.1-18.el8.aarch64",
                           product_id: "libcurl-minimal-0:7.61.1-18.el8.aarch64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-minimal@7.61.1-18.el8?arch=aarch64",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "curl-debugsource-0:7.61.1-18.el8.aarch64",
                        product: {
                           name: "curl-debugsource-0:7.61.1-18.el8.aarch64",
                           product_id: "curl-debugsource-0:7.61.1-18.el8.aarch64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl-debugsource@7.61.1-18.el8?arch=aarch64",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "curl-debuginfo-0:7.61.1-18.el8.aarch64",
                        product: {
                           name: "curl-debuginfo-0:7.61.1-18.el8.aarch64",
                           product_id: "curl-debuginfo-0:7.61.1-18.el8.aarch64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl-debuginfo@7.61.1-18.el8?arch=aarch64",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                        product: {
                           name: "curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                           product_id: "curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl-minimal-debuginfo@7.61.1-18.el8?arch=aarch64",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
                        product: {
                           name: "libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
                           product_id: "libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-debuginfo@7.61.1-18.el8?arch=aarch64",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                        product: {
                           name: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                           product_id: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-minimal-debuginfo@7.61.1-18.el8?arch=aarch64",
                           },
                        },
                     },
                  ],
                  category: "architecture",
                  name: "aarch64",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "curl-0:7.61.1-18.el8.ppc64le",
                        product: {
                           name: "curl-0:7.61.1-18.el8.ppc64le",
                           product_id: "curl-0:7.61.1-18.el8.ppc64le",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl@7.61.1-18.el8?arch=ppc64le",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-0:7.61.1-18.el8.ppc64le",
                        product: {
                           name: "libcurl-0:7.61.1-18.el8.ppc64le",
                           product_id: "libcurl-0:7.61.1-18.el8.ppc64le",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl@7.61.1-18.el8?arch=ppc64le",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-devel-0:7.61.1-18.el8.ppc64le",
                        product: {
                           name: "libcurl-devel-0:7.61.1-18.el8.ppc64le",
                           product_id: "libcurl-devel-0:7.61.1-18.el8.ppc64le",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-devel@7.61.1-18.el8?arch=ppc64le",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-minimal-0:7.61.1-18.el8.ppc64le",
                        product: {
                           name: "libcurl-minimal-0:7.61.1-18.el8.ppc64le",
                           product_id: "libcurl-minimal-0:7.61.1-18.el8.ppc64le",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-minimal@7.61.1-18.el8?arch=ppc64le",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "curl-debugsource-0:7.61.1-18.el8.ppc64le",
                        product: {
                           name: "curl-debugsource-0:7.61.1-18.el8.ppc64le",
                           product_id: "curl-debugsource-0:7.61.1-18.el8.ppc64le",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl-debugsource@7.61.1-18.el8?arch=ppc64le",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "curl-debuginfo-0:7.61.1-18.el8.ppc64le",
                        product: {
                           name: "curl-debuginfo-0:7.61.1-18.el8.ppc64le",
                           product_id: "curl-debuginfo-0:7.61.1-18.el8.ppc64le",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl-debuginfo@7.61.1-18.el8?arch=ppc64le",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                        product: {
                           name: "curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                           product_id: "curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl-minimal-debuginfo@7.61.1-18.el8?arch=ppc64le",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
                        product: {
                           name: "libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
                           product_id: "libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-debuginfo@7.61.1-18.el8?arch=ppc64le",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                        product: {
                           name: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                           product_id: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-minimal-debuginfo@7.61.1-18.el8?arch=ppc64le",
                           },
                        },
                     },
                  ],
                  category: "architecture",
                  name: "ppc64le",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "curl-0:7.61.1-18.el8.x86_64",
                        product: {
                           name: "curl-0:7.61.1-18.el8.x86_64",
                           product_id: "curl-0:7.61.1-18.el8.x86_64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl@7.61.1-18.el8?arch=x86_64",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-0:7.61.1-18.el8.x86_64",
                        product: {
                           name: "libcurl-0:7.61.1-18.el8.x86_64",
                           product_id: "libcurl-0:7.61.1-18.el8.x86_64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl@7.61.1-18.el8?arch=x86_64",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-devel-0:7.61.1-18.el8.x86_64",
                        product: {
                           name: "libcurl-devel-0:7.61.1-18.el8.x86_64",
                           product_id: "libcurl-devel-0:7.61.1-18.el8.x86_64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-devel@7.61.1-18.el8?arch=x86_64",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-minimal-0:7.61.1-18.el8.x86_64",
                        product: {
                           name: "libcurl-minimal-0:7.61.1-18.el8.x86_64",
                           product_id: "libcurl-minimal-0:7.61.1-18.el8.x86_64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-minimal@7.61.1-18.el8?arch=x86_64",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "curl-debugsource-0:7.61.1-18.el8.x86_64",
                        product: {
                           name: "curl-debugsource-0:7.61.1-18.el8.x86_64",
                           product_id: "curl-debugsource-0:7.61.1-18.el8.x86_64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl-debugsource@7.61.1-18.el8?arch=x86_64",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "curl-debuginfo-0:7.61.1-18.el8.x86_64",
                        product: {
                           name: "curl-debuginfo-0:7.61.1-18.el8.x86_64",
                           product_id: "curl-debuginfo-0:7.61.1-18.el8.x86_64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl-debuginfo@7.61.1-18.el8?arch=x86_64",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
                        product: {
                           name: "curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
                           product_id: "curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl-minimal-debuginfo@7.61.1-18.el8?arch=x86_64",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
                        product: {
                           name: "libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
                           product_id: "libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-debuginfo@7.61.1-18.el8?arch=x86_64",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
                        product: {
                           name: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
                           product_id: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-minimal-debuginfo@7.61.1-18.el8?arch=x86_64",
                           },
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "libcurl-0:7.61.1-18.el8.i686",
                        product: {
                           name: "libcurl-0:7.61.1-18.el8.i686",
                           product_id: "libcurl-0:7.61.1-18.el8.i686",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl@7.61.1-18.el8?arch=i686",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-devel-0:7.61.1-18.el8.i686",
                        product: {
                           name: "libcurl-devel-0:7.61.1-18.el8.i686",
                           product_id: "libcurl-devel-0:7.61.1-18.el8.i686",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-devel@7.61.1-18.el8?arch=i686",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-minimal-0:7.61.1-18.el8.i686",
                        product: {
                           name: "libcurl-minimal-0:7.61.1-18.el8.i686",
                           product_id: "libcurl-minimal-0:7.61.1-18.el8.i686",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-minimal@7.61.1-18.el8?arch=i686",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "curl-debugsource-0:7.61.1-18.el8.i686",
                        product: {
                           name: "curl-debugsource-0:7.61.1-18.el8.i686",
                           product_id: "curl-debugsource-0:7.61.1-18.el8.i686",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl-debugsource@7.61.1-18.el8?arch=i686",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "curl-debuginfo-0:7.61.1-18.el8.i686",
                        product: {
                           name: "curl-debuginfo-0:7.61.1-18.el8.i686",
                           product_id: "curl-debuginfo-0:7.61.1-18.el8.i686",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl-debuginfo@7.61.1-18.el8?arch=i686",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                        product: {
                           name: "curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                           product_id: "curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl-minimal-debuginfo@7.61.1-18.el8?arch=i686",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-debuginfo-0:7.61.1-18.el8.i686",
                        product: {
                           name: "libcurl-debuginfo-0:7.61.1-18.el8.i686",
                           product_id: "libcurl-debuginfo-0:7.61.1-18.el8.i686",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-debuginfo@7.61.1-18.el8?arch=i686",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                        product: {
                           name: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                           product_id: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-minimal-debuginfo@7.61.1-18.el8?arch=i686",
                           },
                        },
                     },
                  ],
                  category: "architecture",
                  name: "i686",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "curl-0:7.61.1-18.el8.s390x",
                        product: {
                           name: "curl-0:7.61.1-18.el8.s390x",
                           product_id: "curl-0:7.61.1-18.el8.s390x",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl@7.61.1-18.el8?arch=s390x",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-0:7.61.1-18.el8.s390x",
                        product: {
                           name: "libcurl-0:7.61.1-18.el8.s390x",
                           product_id: "libcurl-0:7.61.1-18.el8.s390x",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl@7.61.1-18.el8?arch=s390x",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-devel-0:7.61.1-18.el8.s390x",
                        product: {
                           name: "libcurl-devel-0:7.61.1-18.el8.s390x",
                           product_id: "libcurl-devel-0:7.61.1-18.el8.s390x",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-devel@7.61.1-18.el8?arch=s390x",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-minimal-0:7.61.1-18.el8.s390x",
                        product: {
                           name: "libcurl-minimal-0:7.61.1-18.el8.s390x",
                           product_id: "libcurl-minimal-0:7.61.1-18.el8.s390x",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-minimal@7.61.1-18.el8?arch=s390x",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "curl-debugsource-0:7.61.1-18.el8.s390x",
                        product: {
                           name: "curl-debugsource-0:7.61.1-18.el8.s390x",
                           product_id: "curl-debugsource-0:7.61.1-18.el8.s390x",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl-debugsource@7.61.1-18.el8?arch=s390x",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "curl-debuginfo-0:7.61.1-18.el8.s390x",
                        product: {
                           name: "curl-debuginfo-0:7.61.1-18.el8.s390x",
                           product_id: "curl-debuginfo-0:7.61.1-18.el8.s390x",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl-debuginfo@7.61.1-18.el8?arch=s390x",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                        product: {
                           name: "curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                           product_id: "curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/curl-minimal-debuginfo@7.61.1-18.el8?arch=s390x",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-debuginfo-0:7.61.1-18.el8.s390x",
                        product: {
                           name: "libcurl-debuginfo-0:7.61.1-18.el8.s390x",
                           product_id: "libcurl-debuginfo-0:7.61.1-18.el8.s390x",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-debuginfo@7.61.1-18.el8?arch=s390x",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                        product: {
                           name: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                           product_id: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/libcurl-minimal-debuginfo@7.61.1-18.el8?arch=s390x",
                           },
                        },
                     },
                  ],
                  category: "architecture",
                  name: "s390x",
               },
            ],
            category: "vendor",
            name: "Red Hat",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-0:7.61.1-18.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.aarch64",
            },
            product_reference: "curl-0:7.61.1-18.el8.aarch64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-0:7.61.1-18.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.ppc64le",
            },
            product_reference: "curl-0:7.61.1-18.el8.ppc64le",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-0:7.61.1-18.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.s390x",
            },
            product_reference: "curl-0:7.61.1-18.el8.s390x",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-0:7.61.1-18.el8.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.src",
            },
            product_reference: "curl-0:7.61.1-18.el8.src",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-0:7.61.1-18.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.x86_64",
            },
            product_reference: "curl-0:7.61.1-18.el8.x86_64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-debuginfo-0:7.61.1-18.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.aarch64",
            },
            product_reference: "curl-debuginfo-0:7.61.1-18.el8.aarch64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-debuginfo-0:7.61.1-18.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.i686",
            },
            product_reference: "curl-debuginfo-0:7.61.1-18.el8.i686",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-debuginfo-0:7.61.1-18.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.ppc64le",
            },
            product_reference: "curl-debuginfo-0:7.61.1-18.el8.ppc64le",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-debuginfo-0:7.61.1-18.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.s390x",
            },
            product_reference: "curl-debuginfo-0:7.61.1-18.el8.s390x",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-debuginfo-0:7.61.1-18.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.x86_64",
            },
            product_reference: "curl-debuginfo-0:7.61.1-18.el8.x86_64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-debugsource-0:7.61.1-18.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.aarch64",
            },
            product_reference: "curl-debugsource-0:7.61.1-18.el8.aarch64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-debugsource-0:7.61.1-18.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.i686",
            },
            product_reference: "curl-debugsource-0:7.61.1-18.el8.i686",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-debugsource-0:7.61.1-18.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.ppc64le",
            },
            product_reference: "curl-debugsource-0:7.61.1-18.el8.ppc64le",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-debugsource-0:7.61.1-18.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.s390x",
            },
            product_reference: "curl-debugsource-0:7.61.1-18.el8.s390x",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-debugsource-0:7.61.1-18.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.x86_64",
            },
            product_reference: "curl-debugsource-0:7.61.1-18.el8.x86_64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
            },
            product_reference: "curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-minimal-debuginfo-0:7.61.1-18.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
            },
            product_reference: "curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
            },
            product_reference: "curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-minimal-debuginfo-0:7.61.1-18.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
            },
            product_reference: "curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
            },
            product_reference: "curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-0:7.61.1-18.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.aarch64",
            },
            product_reference: "libcurl-0:7.61.1-18.el8.aarch64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-0:7.61.1-18.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.i686",
            },
            product_reference: "libcurl-0:7.61.1-18.el8.i686",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-0:7.61.1-18.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.ppc64le",
            },
            product_reference: "libcurl-0:7.61.1-18.el8.ppc64le",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-0:7.61.1-18.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.s390x",
            },
            product_reference: "libcurl-0:7.61.1-18.el8.s390x",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-0:7.61.1-18.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.x86_64",
            },
            product_reference: "libcurl-0:7.61.1-18.el8.x86_64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-debuginfo-0:7.61.1-18.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
            },
            product_reference: "libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-debuginfo-0:7.61.1-18.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.i686",
            },
            product_reference: "libcurl-debuginfo-0:7.61.1-18.el8.i686",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-debuginfo-0:7.61.1-18.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
            },
            product_reference: "libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-debuginfo-0:7.61.1-18.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.s390x",
            },
            product_reference: "libcurl-debuginfo-0:7.61.1-18.el8.s390x",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-debuginfo-0:7.61.1-18.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
            },
            product_reference: "libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-devel-0:7.61.1-18.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.aarch64",
            },
            product_reference: "libcurl-devel-0:7.61.1-18.el8.aarch64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-devel-0:7.61.1-18.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.i686",
            },
            product_reference: "libcurl-devel-0:7.61.1-18.el8.i686",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-devel-0:7.61.1-18.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.ppc64le",
            },
            product_reference: "libcurl-devel-0:7.61.1-18.el8.ppc64le",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-devel-0:7.61.1-18.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.s390x",
            },
            product_reference: "libcurl-devel-0:7.61.1-18.el8.s390x",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-devel-0:7.61.1-18.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.x86_64",
            },
            product_reference: "libcurl-devel-0:7.61.1-18.el8.x86_64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-minimal-0:7.61.1-18.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.aarch64",
            },
            product_reference: "libcurl-minimal-0:7.61.1-18.el8.aarch64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-minimal-0:7.61.1-18.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.i686",
            },
            product_reference: "libcurl-minimal-0:7.61.1-18.el8.i686",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-minimal-0:7.61.1-18.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.ppc64le",
            },
            product_reference: "libcurl-minimal-0:7.61.1-18.el8.ppc64le",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-minimal-0:7.61.1-18.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.s390x",
            },
            product_reference: "libcurl-minimal-0:7.61.1-18.el8.s390x",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-minimal-0:7.61.1-18.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.x86_64",
            },
            product_reference: "libcurl-minimal-0:7.61.1-18.el8.x86_64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
            },
            product_reference: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
            },
            product_reference: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
            },
            product_reference: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
            },
            product_reference: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
               product_id: "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
            },
            product_reference: "libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
            relates_to_product_reference: "BaseOS-8.4.0.GA",
         },
      ],
   },
   vulnerabilities: [
      {
         acknowledgments: [
            {
               names: [
                  "the Curl project",
               ],
            },
            {
               names: [
                  "Marc Aldorasi",
               ],
               summary: "Acknowledged by upstream.",
            },
         ],
         cve: "CVE-2020-8231",
         cwe: {
            id: "CWE-822",
            name: "Untrusted Pointer Dereference",
         },
         discovery_date: "2020-08-11T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1868032",
            },
         ],
         notes: [
            {
               category: "description",
               text: "A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the `CURLOPT_CONNECT_ONLY` option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to data confidentiality.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.src",
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2020-8231",
            },
            {
               category: "external",
               summary: "RHBZ#1868032",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1868032",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2020-8231",
               url: "https://www.cve.org/CVERecord?id=CVE-2020-8231",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8231",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8231",
            },
         ],
         release_date: "2020-08-19T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2021-05-18T15:28:08+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.src",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2021:1610",
            },
         ],
         scores: [
            {
               cvss_v3: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               products: [
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.src",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Low",
            },
         ],
         title: "curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set",
      },
      {
         acknowledgments: [
            {
               names: [
                  "Varnavas Papaioannou",
               ],
            },
         ],
         cve: "CVE-2020-8284",
         cwe: {
            id: "CWE-200",
            name: "Exposure of Sensitive Information to an Unauthorized Actor",
         },
         discovery_date: "2020-11-30T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1902667",
            },
         ],
         notes: [
            {
               category: "description",
               text: "A malicious server can use the `PASV` response to trick curl into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. If curl operates on a URL provided by a user, a user can exploit that and pass in a URL to a malicious FTP server instance without needing any server breach to perform the attack.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "curl: FTP PASV command response can cause curl to connect to arbitrary host",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.src",
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2020-8284",
            },
            {
               category: "external",
               summary: "RHBZ#1902667",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1902667",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2020-8284",
               url: "https://www.cve.org/CVERecord?id=CVE-2020-8284",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8284",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8284",
            },
            {
               category: "external",
               summary: "https://curl.se/docs/CVE-2020-8284.html",
               url: "https://curl.se/docs/CVE-2020-8284.html",
            },
         ],
         release_date: "2020-12-09T08:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2021-05-18T15:28:08+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.src",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2021:1610",
            },
            {
               category: "workaround",
               details: "This flaw can be mitigated in curl as shipped with Red Hat Enterprise Linux and Red Hat Software Collections when using curl by passing the `--ftp-skip-pasv-ip` command line option to curl. For usage of libcurl, set `CURLOPT_FTP_SKIP_PASV_IP` to `1L`[1]. Note that these mitigations could cause problems in the uncommon instance that the server needs the client to connect back to an IP other than the control connection IP address.\n\n1. https://curl.se/libcurl/c/CURLOPT_FTP_SKIP_PASV_IP.html",
               product_ids: [
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.src",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.1,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               products: [
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.src",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Moderate",
            },
         ],
         title: "curl: FTP PASV command response can cause curl to connect to arbitrary host",
      },
      {
         acknowledgments: [
            {
               names: [
                  "Varnavas Papaioannou",
               ],
            },
         ],
         cve: "CVE-2020-8285",
         cwe: {
            id: "CWE-121",
            name: "Stack-based Buffer Overflow",
         },
         discovery_date: "2020-11-30T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1902687",
            },
         ],
         notes: [
            {
               category: "description",
               text: "Libcurl offers a wildcard matching functionality, which allows a callback (set with `CURLOPT_CHUNK_BGN_FUNCTION`) to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. When this callback returns `CURL_CHUNK_BGN_FUNC_SKIP`, to tell libcurl to not deal with that file, the internal function in libcurl then calls itself recursively to handle the next directory entry. If there's a sufficient amount of file entries and if the callback returns \"skip\" enough number of times, libcurl runs out of stack space. The exact amount will of course vary with platforms, compilers and other environmental factors.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.src",
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2020-8285",
            },
            {
               category: "external",
               summary: "RHBZ#1902687",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1902687",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2020-8285",
               url: "https://www.cve.org/CVERecord?id=CVE-2020-8285",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8285",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8285",
            },
            {
               category: "external",
               summary: "https://curl.se/docs/CVE-2020-8285.html",
               url: "https://curl.se/docs/CVE-2020-8285.html",
            },
            {
               category: "external",
               summary: "https://github.com/curl/curl/issues/6255",
               url: "https://github.com/curl/curl/issues/6255",
            },
         ],
         release_date: "2020-12-09T08:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2021-05-18T15:28:08+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.src",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2021:1610",
            },
            {
               category: "workaround",
               details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
               product_ids: [
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.src",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.src",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Moderate",
            },
         ],
         title: "curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used",
      },
      {
         cve: "CVE-2020-8286",
         cwe: {
            id: "CWE-295",
            name: "Improper Certificate Validation",
         },
         discovery_date: "2020-12-09T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1906096",
            },
         ],
         notes: [
            {
               category: "description",
               text: "Libcurl offers \"OCSP stapling\" via the CURLOPT_SSL_VERIFYSTATUS option. When set, libcurl verifies the OCSP response that a server responds with as part of the TLS handshake. It then aborts the TLS negotiation if something is wrong with the response. The same feature can be enabled with --cert-status using the curl tool. As part of the OCSP response verification, a client should verify that the response is indeed set out for the correct certificate. This step was not performed by libcurl when built or told to use OpenSSL as TLS backend.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "curl: Inferior OCSP verification",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.src",
               "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.x86_64",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
               "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2020-8286",
            },
            {
               category: "external",
               summary: "RHBZ#1906096",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1906096",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2020-8286",
               url: "https://www.cve.org/CVERecord?id=CVE-2020-8286",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8286",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8286",
            },
            {
               category: "external",
               summary: "https://curl.se/docs/CVE-2020-8286.html",
               url: "https://curl.se/docs/CVE-2020-8286.html",
            },
         ],
         release_date: "2020-12-09T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2021-05-18T15:28:08+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.src",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2021:1610",
            },
         ],
         scores: [
            {
               cvss_v3: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               products: [
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.src",
                  "BaseOS-8.4.0.GA:curl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-debugsource-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:curl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-debuginfo-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-devel-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-0:7.61.1-18.el8.x86_64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.aarch64",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.i686",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.ppc64le",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.s390x",
                  "BaseOS-8.4.0.GA:libcurl-minimal-debuginfo-0:7.61.1-18.el8.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Moderate",
            },
         ],
         title: "curl: Inferior OCSP verification",
      },
   ],
}

cve-2020-8231

Vulnerability from cvelistv5

Published

2020-12-14 19:39

Modified

2024-08-04 09:56

Severity ?

Summary

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

References

▼	URL	Tags
	https://hackerone.com/reports/948876	x_refsource_MISC
	https://curl.haxx.se/docs/CVE-2020-8231.html	x_refsource_MISC
	https://security.gentoo.org/glsa/202012-14	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2021/dsa-4881	vendor-advisory, x_refsource_DEBIAN
	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	https://github.com/curl/curl	Version: libcurl 7.29.0 to and including 7.71.1

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:27.965Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://hackerone.com/reports/948876",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://curl.haxx.se/docs/CVE-2020-8231.html",
               },
               {
                  name: "GLSA-202012-14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202012-14",
               },
               {
                  name: "DSA-4881",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2021/dsa-4881",
               },
               {
                  name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E",
               },
               {
                  name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "https://github.com/curl/curl",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "libcurl 7.29.0 to and including 7.71.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "Use After Free (CWE-416)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-04-19T23:23:23",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://hackerone.com/reports/948876",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://curl.haxx.se/docs/CVE-2020-8231.html",
            },
            {
               name: "GLSA-202012-14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202012-14",
            },
            {
               name: "DSA-4881",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2021/dsa-4881",
            },
            {
               name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E",
            },
            {
               name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8231",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "https://github.com/curl/curl",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "libcurl 7.29.0 to and including 7.71.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Use After Free (CWE-416)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://hackerone.com/reports/948876",
                     refsource: "MISC",
                     url: "https://hackerone.com/reports/948876",
                  },
                  {
                     name: "https://curl.haxx.se/docs/CVE-2020-8231.html",
                     refsource: "MISC",
                     url: "https://curl.haxx.se/docs/CVE-2020-8231.html",
                  },
                  {
                     name: "GLSA-202012-14",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202012-14",
                  },
                  {
                     name: "DSA-4881",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2021/dsa-4881",
                  },
                  {
                     name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E",
                  },
                  {
                     name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8231",
      datePublished: "2020-12-14T19:39:19",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-08-04T09:56:27.965Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8286

Vulnerability from cvelistv5

Published

2020-12-14 19:39

Modified

2024-11-15 15:30

Severity ?

Summary

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

References

▼	URL	Tags
	https://hackerone.com/reports/1048457	x_refsource_MISC
	https://curl.se/docs/CVE-2020-8286.html	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/	vendor-advisory, x_refsource_FEDORA
	https://security.gentoo.org/glsa/202012-14	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2021/dsa-4881	vendor-advisory, x_refsource_DEBIAN
	http://seclists.org/fulldisclosure/2021/Apr/51	mailing-list, x_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2021/Apr/50	mailing-list, x_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2021/Apr/54	mailing-list, x_refsource_FULLDISC
	https://www.oracle.com/security-alerts/cpuApr2021.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20210122-0007/	x_refsource_CONFIRM
	https://support.apple.com/kb/HT212325	x_refsource_CONFIRM
	https://support.apple.com/kb/HT212326	x_refsource_CONFIRM
	https://support.apple.com/kb/HT212327	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf	x_refsource_CONFIRM
	https://www.oracle.com//security-alerts/cpujul2021.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	https://github.com/curl/curl	Version: 7.41.0 to and including 7.73.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:28.324Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://hackerone.com/reports/1048457",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://curl.se/docs/CVE-2020-8286.html",
               },
               {
                  name: "FEDORA-2020-ceaf490686",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/",
               },
               {
                  name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html",
               },
               {
                  name: "FEDORA-2020-7ab62c73bc",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/",
               },
               {
                  name: "GLSA-202012-14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202012-14",
               },
               {
                  name: "DSA-4881",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2021/dsa-4881",
               },
               {
                  name: "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2021/Apr/51",
               },
               {
                  name: "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2021/Apr/50",
               },
               {
                  name: "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2021/Apr/54",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuApr2021.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20210122-0007/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT212325",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT212326",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT212327",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com//security-alerts/cpujul2021.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2020-8286",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-15T15:29:39.778689Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-15T15:30:03.757Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "https://github.com/curl/curl",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "7.41.0 to and including 7.73.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-295",
                     description: "Improper Certificate Validation (CWE-295)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-04-19T23:23:30",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://hackerone.com/reports/1048457",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://curl.se/docs/CVE-2020-8286.html",
            },
            {
               name: "FEDORA-2020-ceaf490686",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/",
            },
            {
               name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html",
            },
            {
               name: "FEDORA-2020-7ab62c73bc",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/",
            },
            {
               name: "GLSA-202012-14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202012-14",
            },
            {
               name: "DSA-4881",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2021/dsa-4881",
            },
            {
               name: "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2021/Apr/51",
            },
            {
               name: "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2021/Apr/50",
            },
            {
               name: "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2021/Apr/54",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuApr2021.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20210122-0007/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT212325",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT212326",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT212327",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com//security-alerts/cpujul2021.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8286",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "https://github.com/curl/curl",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "7.41.0 to and including 7.73.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Improper Certificate Validation (CWE-295)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://hackerone.com/reports/1048457",
                     refsource: "MISC",
                     url: "https://hackerone.com/reports/1048457",
                  },
                  {
                     name: "https://curl.se/docs/CVE-2020-8286.html",
                     refsource: "MISC",
                     url: "https://curl.se/docs/CVE-2020-8286.html",
                  },
                  {
                     name: "FEDORA-2020-ceaf490686",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/",
                  },
                  {
                     name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html",
                  },
                  {
                     name: "FEDORA-2020-7ab62c73bc",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/",
                  },
                  {
                     name: "GLSA-202012-14",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202012-14",
                  },
                  {
                     name: "DSA-4881",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2021/dsa-4881",
                  },
                  {
                     name: "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2021/Apr/51",
                  },
                  {
                     name: "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2021/Apr/50",
                  },
                  {
                     name: "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2021/Apr/54",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuApr2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20210122-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20210122-0007/",
                  },
                  {
                     name: "https://support.apple.com/kb/HT212325",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT212325",
                  },
                  {
                     name: "https://support.apple.com/kb/HT212326",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT212326",
                  },
                  {
                     name: "https://support.apple.com/kb/HT212327",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT212327",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf",
                  },
                  {
                     name: "https://www.oracle.com//security-alerts/cpujul2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com//security-alerts/cpujul2021.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8286",
      datePublished: "2020-12-14T19:39:28",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-11-15T15:30:03.757Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8285

Vulnerability from cvelistv5

Published

2020-12-14 19:39

Modified

2024-08-04 09:56

Severity ?

Summary

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

References

▼	URL	Tags
	https://hackerone.com/reports/1045844	x_refsource_MISC
	https://github.com/curl/curl/issues/6255	x_refsource_MISC
	https://curl.se/docs/CVE-2020-8285.html	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/	vendor-advisory, x_refsource_FEDORA
	https://security.gentoo.org/glsa/202012-14	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2021/dsa-4881	vendor-advisory, x_refsource_DEBIAN
	http://seclists.org/fulldisclosure/2021/Apr/51	mailing-list, x_refsource_FULLDISC
	https://www.oracle.com/security-alerts/cpuApr2021.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20210122-0007/	x_refsource_CONFIRM
	https://support.apple.com/kb/HT212325	x_refsource_CONFIRM
	https://support.apple.com/kb/HT212326	x_refsource_CONFIRM
	https://support.apple.com/kb/HT212327	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com//security-alerts/cpujul2021.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	https://github.com/curl/curl	Version: libcurl 7.21.0 to and including 7.73.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:28.307Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://hackerone.com/reports/1045844",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/curl/curl/issues/6255",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://curl.se/docs/CVE-2020-8285.html",
               },
               {
                  name: "FEDORA-2020-ceaf490686",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/",
               },
               {
                  name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html",
               },
               {
                  name: "FEDORA-2020-7ab62c73bc",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/",
               },
               {
                  name: "GLSA-202012-14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202012-14",
               },
               {
                  name: "DSA-4881",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2021/dsa-4881",
               },
               {
                  name: "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2021/Apr/51",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuApr2021.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20210122-0007/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT212325",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT212326",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT212327",
               },
               {
                  name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E",
               },
               {
                  name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com//security-alerts/cpujul2021.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "https://github.com/curl/curl",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "libcurl 7.21.0 to and including 7.73.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-674",
                     description: "Uncontrolled Recursion (CWE-674)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-04-19T23:23:28",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://hackerone.com/reports/1045844",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/curl/curl/issues/6255",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://curl.se/docs/CVE-2020-8285.html",
            },
            {
               name: "FEDORA-2020-ceaf490686",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/",
            },
            {
               name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html",
            },
            {
               name: "FEDORA-2020-7ab62c73bc",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/",
            },
            {
               name: "GLSA-202012-14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202012-14",
            },
            {
               name: "DSA-4881",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2021/dsa-4881",
            },
            {
               name: "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2021/Apr/51",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuApr2021.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20210122-0007/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT212325",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT212326",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT212327",
            },
            {
               name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E",
            },
            {
               name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com//security-alerts/cpujul2021.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8285",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "https://github.com/curl/curl",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "libcurl 7.21.0 to and including 7.73.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Uncontrolled Recursion (CWE-674)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://hackerone.com/reports/1045844",
                     refsource: "MISC",
                     url: "https://hackerone.com/reports/1045844",
                  },
                  {
                     name: "https://github.com/curl/curl/issues/6255",
                     refsource: "MISC",
                     url: "https://github.com/curl/curl/issues/6255",
                  },
                  {
                     name: "https://curl.se/docs/CVE-2020-8285.html",
                     refsource: "MISC",
                     url: "https://curl.se/docs/CVE-2020-8285.html",
                  },
                  {
                     name: "FEDORA-2020-ceaf490686",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/",
                  },
                  {
                     name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html",
                  },
                  {
                     name: "FEDORA-2020-7ab62c73bc",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/",
                  },
                  {
                     name: "GLSA-202012-14",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202012-14",
                  },
                  {
                     name: "DSA-4881",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2021/dsa-4881",
                  },
                  {
                     name: "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2021/Apr/51",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuApr2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20210122-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20210122-0007/",
                  },
                  {
                     name: "https://support.apple.com/kb/HT212325",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT212325",
                  },
                  {
                     name: "https://support.apple.com/kb/HT212326",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT212326",
                  },
                  {
                     name: "https://support.apple.com/kb/HT212327",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT212327",
                  },
                  {
                     name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E",
                  },
                  {
                     name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com//security-alerts/cpujul2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com//security-alerts/cpujul2021.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8285",
      datePublished: "2020-12-14T19:39:04",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-08-04T09:56:28.307Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8284

Vulnerability from cvelistv5

Published

2020-12-14 19:38

Modified

2024-08-04 09:56

Severity ?

Summary

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

References

▼	URL	Tags
	https://hackerone.com/reports/1040166	x_refsource_MISC
	https://curl.se/docs/CVE-2020-8284.html	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/	vendor-advisory, x_refsource_FEDORA
	https://security.gentoo.org/glsa/202012-14	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2021/dsa-4881	vendor-advisory, x_refsource_DEBIAN
	https://www.oracle.com/security-alerts/cpuApr2021.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20210122-0007/	x_refsource_CONFIRM
	https://support.apple.com/kb/HT212325	x_refsource_CONFIRM
	https://support.apple.com/kb/HT212326	x_refsource_CONFIRM
	https://support.apple.com/kb/HT212327	x_refsource_CONFIRM
	https://www.oracle.com//security-alerts/cpujul2021.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	https://github.com/curl/curl	Version: 7.73.0 and earlier

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:28.316Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://hackerone.com/reports/1040166",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://curl.se/docs/CVE-2020-8284.html",
               },
               {
                  name: "FEDORA-2020-ceaf490686",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/",
               },
               {
                  name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html",
               },
               {
                  name: "FEDORA-2020-7ab62c73bc",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/",
               },
               {
                  name: "GLSA-202012-14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202012-14",
               },
               {
                  name: "DSA-4881",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2021/dsa-4881",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuApr2021.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20210122-0007/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT212325",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT212326",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT212327",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com//security-alerts/cpujul2021.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "https://github.com/curl/curl",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "7.73.0 and earlier",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "Information Disclosure (CWE-200)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-04-19T23:23:26",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://hackerone.com/reports/1040166",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://curl.se/docs/CVE-2020-8284.html",
            },
            {
               name: "FEDORA-2020-ceaf490686",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/",
            },
            {
               name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html",
            },
            {
               name: "FEDORA-2020-7ab62c73bc",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/",
            },
            {
               name: "GLSA-202012-14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202012-14",
            },
            {
               name: "DSA-4881",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2021/dsa-4881",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuApr2021.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20210122-0007/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT212325",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT212326",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT212327",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com//security-alerts/cpujul2021.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8284",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "https://github.com/curl/curl",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "7.73.0 and earlier",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Information Disclosure (CWE-200)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://hackerone.com/reports/1040166",
                     refsource: "MISC",
                     url: "https://hackerone.com/reports/1040166",
                  },
                  {
                     name: "https://curl.se/docs/CVE-2020-8284.html",
                     refsource: "MISC",
                     url: "https://curl.se/docs/CVE-2020-8284.html",
                  },
                  {
                     name: "FEDORA-2020-ceaf490686",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/",
                  },
                  {
                     name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html",
                  },
                  {
                     name: "FEDORA-2020-7ab62c73bc",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/",
                  },
                  {
                     name: "GLSA-202012-14",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202012-14",
                  },
                  {
                     name: "DSA-4881",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2021/dsa-4881",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuApr2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20210122-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20210122-0007/",
                  },
                  {
                     name: "https://support.apple.com/kb/HT212325",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT212325",
                  },
                  {
                     name: "https://support.apple.com/kb/HT212326",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT212326",
                  },
                  {
                     name: "https://support.apple.com/kb/HT212327",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT212327",
                  },
                  {
                     name: "https://www.oracle.com//security-alerts/cpujul2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com//security-alerts/cpujul2021.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8284",
      datePublished: "2020-12-14T19:38:26",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-08-04T09:56:28.316Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2021:1610

Vulnerability from csaf_redhat

cve-2020-8231

Vulnerability from cvelistv5

cve-2020-8286

Vulnerability from cvelistv5

cve-2020-8285

Vulnerability from cvelistv5

cve-2020-8284

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature