High severity7.8NVD Advisory· Published Dec 14, 2020· Updated Apr 15, 2026

CVE-2020-8177

Description

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

Affected products

Haxx/Curl
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Range: >=7.20.0,<=7.70.0
Siemens Foundation/Sinec Infrastructure Network Services
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
Range: <1.0.1.1
Splunk/Universal Forwarder2 versions
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*range: >=8.2.0,<8.2.12
- cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Fujitsu/M10 1 Firmware
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410
Fujitsu/M10 4 Firmware
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410
Fujitsu/M10 4s Firmware
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410
Fujitsu/M12 1 Firmware
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410
Fujitsu/M12 2 Firmware
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410
Fujitsu/M12 2s Firmware
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfnvdPatchThird Party Advisory
www.oracle.com/security-alerts/cpujan2022.htmlnvdPatchThird Party Advisory
hackerone.com/reports/887462nvdExploitThird Party Advisory
curl.se/docs/CVE-2020-8177.htmlnvdVendor Advisory
www.debian.org/security/2021/dsa-4881nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000