VDB

GCVE-VVD-MAGEIA-2020-482

GCVE-VVD-MAGEIA-2020-482
Advisory Published
Vulnetix · Advisory published December 31, 2020
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. (CVE-2020-8231). A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. (CVE-2020-8284). curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. (CVE-2020-8285). curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. (CVE-2020-8286).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiacurl0 (affected), 7.71.0-1.1.mga7 (unaffected)

References

Updated curl packages fix security vulnerabilities
advisory
Updated curl packages fix security vulnerabilities
issue
Updated curl packages fix security vulnerabilities
issue
Updated curl packages fix security vulnerabilities
issue
Updated curl packages fix security vulnerabilities
issue
Updated curl packages fix security vulnerabilities
issue
Updated curl packages fix security vulnerabilities
issue
Updated curl packages fix security vulnerabilities
issue
Updated curl packages fix security vulnerabilities
advisory
Updated curl packages fix security vulnerabilities
advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›