Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

  • Published: Dec 14, 2020
  • Updated: Apr 14, 2023
  • CVE: CVE-2020-8284
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 3.7
  • AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Software From Fixed in
haxx / curl - 7.73.0.x
fedoraproject / fedora 32 32.x
fedoraproject / fedora 33 33.x
debian / debian_linux 9.0 9.0.x
debian / debian_linux 10.0 10.0.x
apple / mac_os_x 10.15 10.15.7
apple / mac_os_x 10.14.0 10.14.6
apple / mac_os_x 10.14.6-security_update_2020-001 10.14.6-security_update_2020-001.x
apple / mac_os_x 10.14.6-security_update_2020-002 10.14.6-security_update_2020-002.x
apple / mac_os_x 10.14.6-security_update_2020-003 10.14.6-security_update_2020-003.x
apple / mac_os_x 10.14.6-security_update_2020-004 10.14.6-security_update_2020-004.x
apple / mac_os_x 10.14.6-security_update_2020-005 10.14.6-security_update_2020-005.x
apple / mac_os_x 10.14.6-security_update_2020-006 10.14.6-security_update_2020-006.x
apple / mac_os_x 10.14.6-security_update_2019-007 10.14.6-security_update_2019-007.x
apple / mac_os_x 10.14.6-security_update_2019-004 10.14.6-security_update_2019-004.x
apple / mac_os_x 10.14.6-security_update_2019-005 10.14.6-security_update_2019-005.x
apple / mac_os_x 10.14.6-security_update_2019-006 10.14.6-security_update_2019-006.x
apple / mac_os_x 10.14.6-supplemental_update 10.14.6-supplemental_update.x
apple / mac_os_x 10.14.6-supplemental_update_2 10.14.6-supplemental_update_2.x
apple / mac_os_x 10.15.7-supplemental_update 10.15.7-supplemental_update.x
apple / mac_os_x 10.15.7-security_update_2020-005 10.15.7-security_update_2020-005.x
apple / mac_os_x 10.15.7-security_update_2020-007 10.15.7-security_update_2020-007.x
apple / mac_os_x 10.15.7 10.15.7.x
apple / mac_os_x 10.14.6-security_update_2020-007 10.14.6-security_update_2020-007.x
apple / mac_os_x 10.14.6-security_update_2019-001 10.14.6-security_update_2019-001.x
apple / mac_os_x 10.14.6-security_update_2019-002 10.14.6-security_update_2019-002.x
apple / mac_os_x 10.15.7-security_update_2020-001 10.15.7-security_update_2020-001.x
apple / mac_os_x 10.15.7-security_update_2020 10.15.7-security_update_2020.x
apple / mac_os_x 10.14.6-security_update_2021-001 10.14.6-security_update_2021-001.x
apple / mac_os_x 10.14.6-security_update_2021-002 10.14.6-security_update_2021-002.x
apple / mac_os_x 10.15.7-security_update_2021-001 10.15.7-security_update_2021-001.x
apple / macos 11.0.1 11.0.1.x
apple / macos 11.1 11.1.x
apple / macos 11.2 11.2.x
oracle / peoplesoft_enterprise_peopletools 8.58 8.58.x
oracle / communications_billing_and_revenue_management 12.0.0.3.0 12.0.0.3.0.x
oracle / essbase 21.2 21.2.x
oracle / communications_cloud_native_core_policy 1.14.0 1.14.0.x
fujitsu / m10-1_firmware - xcp2410
fujitsu / m10-4_firmware - xcp2410
fujitsu / m10-4s_firmware - xcp2410
fujitsu / m12-1_firmware - xcp2410
fujitsu / m12-2_firmware - xcp2410
fujitsu / m12-2s_firmware - xcp2410
fujitsu / m10-1_firmware - xcp3110
fujitsu / m10-4_firmware - xcp3110
fujitsu / m10-4s_firmware - xcp3110
fujitsu / m12-1_firmware - xcp3110
fujitsu / m12-2_firmware - xcp3110
fujitsu / m12-2s_firmware - xcp3110
siemens / sinec_infrastructure_network_services - 1.0.1.1
splunk / universal_forwarder 9.1.0 9.1.0.x
splunk / universal_forwarder 9.0.0 9.0.6
splunk / universal_forwarder 8.2.0 8.2.12