Low severity3.7NVD Advisory· Published Dec 14, 2020· Updated Apr 16, 2026
CVE-2020-8284
CVE-2020-8284
Description
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
67- cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*Range: <1.0.1.1
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*range: >=8.2.0,<8.2.12
- cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:11.0.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:apple:macos:11.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*+ 24 more
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*range: >=10.14.0,<10.14.6
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*
- osv-coords15 versionspkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/curl&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/curl-mini&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/curl-mini&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/curl&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/curl&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/curl-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011-SECURITY
< 7.60.0-lp151.5.18.1+ 14 more
- (no CPE)range: < 7.60.0-lp151.5.18.1
- (no CPE)range: < 7.66.0-lp152.3.12.1
- (no CPE)range: < 7.79.1-1.1
- (no CPE)range: < 7.60.0-lp151.5.18.1
- (no CPE)range: < 7.66.0-lp152.3.12.1
- (no CPE)range: < 7.60.0-3.35.1
- (no CPE)range: < 7.66.0-4.11.1
- (no CPE)range: < 7.60.0-4.20.1
- (no CPE)range: < 7.60.0-11.9.1
- (no CPE)range: < 7.60.0-4.20.1
- (no CPE)range: < 7.60.0-11.9.1
- (no CPE)range: < 7.60.0-11.9.1
- (no CPE)range: < 7.60.0-4.20.1
- (no CPE)range: < 7.60.0-4.20.1
- (no CPE)range: < 7.37.0-70.57.1
Patches
Vulnerability mechanics
References
16- cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfnvdPatchThird Party Advisory
- www.oracle.com//security-alerts/cpujul2021.htmlnvdPatchThird Party Advisory
- www.oracle.com/security-alerts/cpuApr2021.htmlnvdPatchThird Party Advisory
- www.oracle.com/security-alerts/cpuapr2022.htmlnvdPatchThird Party Advisory
- www.oracle.com/security-alerts/cpujan2022.htmlnvdPatchThird Party Advisory
- curl.se/docs/CVE-2020-8284.htmlnvdVendor Advisory
- lists.debian.org/debian-lts-announce/2020/12/msg00029.htmlnvdMailing ListThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/nvdMailing ListThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/nvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/202012-14nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20210122-0007/nvdThird Party Advisory
- support.apple.com/kb/HT212325nvdThird Party Advisory
- support.apple.com/kb/HT212326nvdThird Party Advisory
- support.apple.com/kb/HT212327nvdThird Party Advisory
- www.debian.org/security/2021/dsa-4881nvdThird Party Advisory
- hackerone.com/reports/1040166nvdPermissions Required
News mentions
0No linked articles in our index yet.