Lucene search

K
ubuntuUbuntuUSN-4665-2
HistoryDec 09, 2020 - 12:00 a.m.

curl vulnerabilities

2020-12-0900:00:00
ubuntu.com
46

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

Low

EPSS

0.007

Percentile

80.5%

Releases

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04

Packages

  • curl - HTTP, HTTPS, and FTP client and client libraries

Details

USN-4665-1 fixed several vulnerabilities in curl. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV
responses. An attacker could possibly use this issue to trick curl into
connecting to an arbitrary IP address and be used to perform port scanner
and other information gathering. (CVE-2020-8284)

It was discovered that curl incorrectly handled FTP wildcard matchins. A
remote attacker could possibly use this issue to cause curl to consume
resources and crash, resulting in a denial of service. (CVE-2020-8285)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchlibcurl3-gnutls< 7.35.0-1ubuntu2.20+esm6UNKNOWN
Ubuntu14.04noarchcurl< 7.35.0-1ubuntu2.20UNKNOWN
Ubuntu14.04noarchcurl-dbgsym< 7.35.0-1ubuntu2.20UNKNOWN
Ubuntu14.04noarchcurl-udeb< 7.35.0-1ubuntu2.20UNKNOWN
Ubuntu14.04noarchcurl-udeb-dbgsym< 7.35.0-1ubuntu2.20UNKNOWN
Ubuntu14.04noarchlibcurl3< 7.35.0-1ubuntu2.20UNKNOWN
Ubuntu14.04noarchlibcurl3-dbg< 7.35.0-1ubuntu2.20UNKNOWN
Ubuntu14.04noarchlibcurl3-dbgsym< 7.35.0-1ubuntu2.20UNKNOWN
Ubuntu14.04noarchlibcurl3-gnutls< 7.35.0-1ubuntu2.20UNKNOWN
Ubuntu14.04noarchlibcurl3-gnutls-dbgsym< 7.35.0-1ubuntu2.20UNKNOWN
Rows per page:
1-10 of 331

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

Low

EPSS

0.007

Percentile

80.5%