CVE-2020-8169

CVE-2020-8169

Name

CVE-2020-8169

Description

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://hackerone.com/reports/874778
Vendor Advisory	https://curl.se/docs/CVE-2020-8169.html
DEBIAN	https://www.debian.org/security/2021/dsa-4881
Third Party Advisory	https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf
Patch	https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Type

URI

Exploit

https://hackerone.com/reports/874778

Vendor Advisory

https://curl.se/docs/CVE-2020-8169.html

DEBIAN

https://www.debian.org/security/2021/dsa-4881

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf

Patch

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:haxx:curl::::::::`	curl	>= 7.62.0	<= 7.70.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

curl

>= 7.62.0

<= 7.70.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
curl	edge-main	7.71.0-r0	None	fixed
curl	edge-main	7.66.0-r0	None	possibly vulnerable
curl	edge-main	7.65.0-r0	None	possibly vulnerable
curl	edge-main	7.64.0-r0	None	possibly vulnerable
curl	edge-main	7.62.0-r0	None	possibly vulnerable
curl	3.22-main	7.71.0-r0	None	fixed
curl	3.22-main	7.66.0-r0	None	possibly vulnerable
curl	3.22-main	7.65.0-r0	None	possibly vulnerable
curl	3.22-main	7.64.0-r0	None	possibly vulnerable
curl	3.22-main	7.62.0-r0	None	possibly vulnerable
curl	3.21-main	7.71.0-r0	None	fixed
curl	3.21-main	7.66.0-r0	None	possibly vulnerable
curl	3.21-main	7.65.0-r0	None	possibly vulnerable
curl	3.21-main	7.64.0-r0	None	possibly vulnerable
curl	3.21-main	7.62.0-r0	None	possibly vulnerable
curl	3.20-main	7.71.0-r0	None	fixed
curl	3.20-main	7.66.0-r0	None	possibly vulnerable
curl	3.20-main	7.65.0-r0	None	possibly vulnerable
curl	3.20-main	7.64.0-r0	None	possibly vulnerable
curl	3.20-main	7.62.0-r0	None	possibly vulnerable
curl	3.19-main	7.71.0-r0	None	fixed
curl	3.19-main	7.66.0-r0	None	possibly vulnerable
curl	3.19-main	7.65.0-r0	None	possibly vulnerable
curl	3.19-main	7.64.0-r0	None	possibly vulnerable
curl	3.19-main	7.62.0-r0	None	possibly vulnerable
curl	3.18-main	7.71.0-r0	None	fixed
curl	3.17-main	7.71.0-r0	None	fixed
curl	3.12-main	7.69.1-r1	None	fixed
curl	3.11-main	7.67.0-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed
curl	3.11-main	7.67.0-r4	Natanael Copa <ncopa@alpinelinux.org>	fixed
curl	3.11-main	7.67.0-r3	Natanael Copa <ncopa@alpinelinux.org>	fixed
curl	3.11-main	7.67.0-r1	None	fixed
curl	3.10-main	7.66.0-r4	Natanael Copa <ncopa@alpinelinux.org>	fixed
curl	3.10-main	7.66.0-r3	Natanael Copa <ncopa@alpinelinux.org>	fixed
curl	3.10-main	7.66.0-r1	None	fixed

Source package

Branch

Version

Maintainer

Status

curl

edge-main

7.71.0-r0

None

fixed

curl

edge-main