Low severity3.7NVD Advisory· Published Dec 14, 2020· Updated Apr 16, 2026

CVE-2020-8284

Description

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

Affected products

Haxx/Curl
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Range: <=7.73.0
NetApp/Clustered Data Ontap
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
NetApp/Hci Management Node
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
NetApp/Solidfire
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Oracle Corporation/Communications Billing And Revenue Management
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
Oracle Corporation/Communications Cloud Native Core Policy
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
Oracle Corporation/Essbase
cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*
Oracle Corporation/Peoplesoft Enterprise Peopletools
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
Siemens Foundation/Sinec Infrastructure Network Services
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
Range: <1.0.1.1
Splunk/Universal Forwarder2 versions
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*range: >=8.2.0,<8.2.12
- cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
NetApp/Hci Storage Node
cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
Apple Inc./macOS3 versions
cpe:2.3:o:apple:macos:11.0.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:apple:macos:11.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.2:*:*:*:*:*:*:*
Apple Inc./Mac Os X25 versions
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*+ 24 more
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*range: >=10.14.0,<10.14.6
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Fedoraproject/Fedora2 versions
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Fujitsu/M10 1 Firmware
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410
Fujitsu/M10 4 Firmware
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410
Fujitsu/M10 4s Firmware
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410
Fujitsu/M12 1 Firmware
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410
Fujitsu/M12 2 Firmware
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410
Fujitsu/M12 2s Firmware
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410
NetApp/Hci Bootstrap Os
cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfnvdPatchThird Party Advisory
www.oracle.com//security-alerts/cpujul2021.htmlnvdPatchThird Party Advisory
www.oracle.com/security-alerts/cpuApr2021.htmlnvdPatchThird Party Advisory
www.oracle.com/security-alerts/cpuapr2022.htmlnvdPatchThird Party Advisory
www.oracle.com/security-alerts/cpujan2022.htmlnvdPatchThird Party Advisory
curl.se/docs/CVE-2020-8284.htmlnvdVendor Advisory
lists.debian.org/debian-lts-announce/2020/12/msg00029.htmlnvdMailing ListThird Party Advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/nvdMailing ListThird Party Advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/nvdMailing ListThird Party Advisory
security.gentoo.org/glsa/202012-14nvdThird Party Advisory
security.netapp.com/advisory/ntap-20210122-0007/nvdThird Party Advisory
support.apple.com/kb/HT212325nvdThird Party Advisory
support.apple.com/kb/HT212326nvdThird Party Advisory
support.apple.com/kb/HT212327nvdThird Party Advisory
www.debian.org/security/2021/dsa-4881nvdThird Party Advisory
hackerone.com/reports/1040166nvdPermissions Required

News mentions

No linked articles in our index yet.

cvss	0.240
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000