CVE-2020-8231

nvd nist

Published: Dec 14, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

Affected (7)

Products: Haxx: Libcurl · Siemens: Sinec Infrastructure Network Services · Debian: Debian Linux · +2 more

Show all products

Haxx: Libcurl · Siemens: Sinec Infrastructure Network Services · Debian: Debian Linux · Oracle: Communications Cloud Native Core Policy · Splunk: Universal Forwarder

Haxx

1 product

Libcurl

Siemens

1 product

Sinec Infrastructure Network Services

Debian

1 product

Debian Linux

Oracle

1 product

Communications Cloud Native Core Policy

Splunk

1 product

Universal Forwarder

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Haxx Libcurl	From 7.29.0 to 7.71.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Sinec Infrastructure Network Services	Before 1.0.1.1

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Cloud Native Core Policy	Version 1.14.0

Configuration E

3 vulnerable

Vulnerable Software	Affected Versions
Splunk Universal Forwarder	From 8.2.0 to 8.2.12
Splunk Universal Forwarder	From 9.0.0 to 9.0.6
Splunk Universal Forwarder	Version 9.1.0

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (16)

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Source: support@hackerone.com

PatchThird Party Advisory

https://curl.haxx.se/docs/CVE-2020-8231.html

Source: support@hackerone.com

PatchThird Party Advisory

https://hackerone.com/reports/948876

Source: support@hackerone.com

ExploitIssue TrackingPatchThird Party Advisory

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

Source: support@hackerone.com

Mailing ListThird Party Advisory

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

Source: support@hackerone.com

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202012-14

Source: support@hackerone.com

Third Party Advisory

https://www.debian.org/security/2021/dsa-4881

Source: support@hackerone.com

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: support@hackerone.com

PatchThird Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf