CVE-2020-8285

🗓️ 14 Dec 2020 19:39:04Reported by hackeroneType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 328 Views

curl 7.21.0 to 7.73.0 vulnerability in FTP wildcard match parsing

Reporter	Title	Published	Views	Family All 184
IBM Security Bulletins	Security Bulletin: IBM Security QRadar Analyst Workflow add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	27 Jan 202123:48	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2020-8284, CVE-2020-8285, and CVE-2020-8286)	15 Mar 202117:09	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs	19 Oct 202115:38	–	ibm
IBM Security Bulletins	Security Bulletin: cURL libcurl vulnerabilites impacting Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint 4.0 and earlier (CVE-2020-8284, CVE-2020-8286, CVE-2020-8285)	4 Jun 202116:40	–	ibm
IBM Security Bulletins	Security Bulletin: cURL libcurl vulnerabilites impacting Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 4.0 and earlier (CVE-2020-8284, CVE-2020-8286, CVE-2020-8285)	4 Jun 202101:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities	3 Dec 202118:52	–	ibm
IBM Security Bulletins	Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (Multiple CVEs)	22 Apr 202212:50	–	ibm
FreeBSD	cURL -- Multiple vulnerabilities	9 Dec 202000:00	–	freebsd
Tenable Nessus	Amazon Linux 2 : curl (ALAS-2021-1693)	6 Aug 202100:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0078: curl (ALINUX3-SA-2021:0078)	14 May 202500:00	–	nessus

NVD

Vulners

Node

haxx libcurlRange7.21.0–7.74.0

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

Node

fedoraproject fedoraMatch32

fedoraproject fedoraMatch33

Node

netapp clustered_data_ontapMatch-

netapp hci_management_nodeMatch-

netapp solidfireMatch-

Node

netapp hci_bootstrap_osMatch-

AND

netapp hci_compute_nodeMatch-

Node

netapp hci_storage_node_firmwareMatch-

AND

netapp hci_storage_nodeMatch-

Node

apple mac_os_xRange<10.14.6

apple mac_os_xRange10.15–10.15.7

apple mac_os_xMatch10.14.6-

apple mac_os_xMatch10.14.6security_update_2019-001

apple mac_os_xMatch10.14.6security_update_2019-002

apple mac_os_xMatch10.14.6security_update_2020-001

apple mac_os_xMatch10.14.6security_update_2020-002

apple mac_os_xMatch10.14.6security_update_2020-003

apple mac_os_xMatch10.14.6security_update_2020-004

apple mac_os_xMatch10.14.6security_update_2020-005

apple mac_os_xMatch10.14.6security_update_2020-006

apple mac_os_xMatch10.14.6security_update_2020-007

apple mac_os_xMatch10.14.6security_update_2021-001

apple mac_os_xMatch10.15.7-

apple mac_os_xMatch10.15.7security_update_2020-001

apple mac_os_xMatch10.15.7security_update_2021-001

apple mac_os_xMatch10.15.7supplemental_update

apple macosRange11.0–11.3

Node

oracle communications_billing_and_revenue_managementMatch12.0.0.3.0

oracle communications_cloud_native_core_policyMatch1.14.0

oracle essbaseMatch21.2

oracle peoplesoft_enterprise_peopletoolsMatch8.58

Node

fujitsu m10-1_firmwareRange<xcp2410

AND

fujitsu m10-1Match-

Node

fujitsu m10-4_firmwareRange<xcp2410

AND

fujitsu m10-4Match-

Node

fujitsu m10-4s_firmwareRange<xcp2410

AND

fujitsu m10-4sMatch-

Node

fujitsu m12-1_firmwareRange<xcp2410

AND

fujitsu m12-1Match-

Node

fujitsu m12-2_firmwareRange<xcp2410

AND

fujitsu m12-2Match-

Node

fujitsu m12-2s_firmwareRange<xcp2410

AND

fujitsu m12-2sMatch-

Node

fujitsu m10-1_firmwareRange<xcp3110

AND

fujitsu m10-1Match-

Node

fujitsu m10-4_firmwareRange<xcp3110

AND

fujitsu m10-4Match-

Node

fujitsu m10-4s_firmwareRange<xcp3110

AND

fujitsu m10-4sMatch-

Node

fujitsu m12-1_firmwareRange<xcp3110

AND

fujitsu m12-1Match-

Node

fujitsu m12-2_firmwareRange<xcp3110

AND

fujitsu m12-2Match-

Node

fujitsu m12-2s_firmwareRange<xcp3110

AND

fujitsu m12-2sMatch-

Node

siemens sinec_infrastructure_network_servicesRange<1.0.1.1

Node

splunk universal_forwarderRange8.2.0–8.2.12

splunk universal_forwarderRange9.0.0–9.0.6

splunk universal_forwarderMatch9.1.0

[
  {
    "product": "https://github.com/curl/curl",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "libcurl 7.21.0 to and including 7.73.0"
      }
    ]
  }
]

Source	Link
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/
hackerone	www.hackerone.com/reports/1045844
seclists	www.seclists.org/fulldisclosure/2021/Apr/51
lists	www.lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
oracle	www.oracle.com/security-alerts/cpuApr2021.html
lists	www.lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
curl	www.curl.se/docs/CVE-2020-8285.html
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/
oracle	www.oracle.com/security-alerts/cpuapr2022.html
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

16 Apr 2026 15:16Current

7.7High risk

Vulners AI Score7.7

CVSS 25

CVSS 3.17.5

EPSS0.00742

SSVC