CVE-2020-8284

low Splunk
CVSS v3 Base Score
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.1%
Exploitation probability in 30 days
Top 72% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
Low
Integrity
None
Availability
None
Published: December 14, 2020 (1977 days ago)
Last Modified: April 16, 2026
Vendor: Splunk
Source: NVD

Description

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

CWE

CWE-200

Affected Products

haxx curlfedoraproject fedoradebian debian linuxnetapp clustered data ontapnetapp hci management nodenetapp solidfirenetapp hci storage nodenetapp hci bootstrap osapple mac os xapple macos

References

🔗 cert-portal.siemens.com 🔗 curl.se 🔗 hackerone.com 🔗 lists.debian.org 🔗 lists.fedoraproject.org