High severity7.5NVD Advisory· Published Dec 14, 2020· Updated Apr 16, 2026

CVE-2020-8285

Description

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

Affected products

Haxx/Libcurl
cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
Range: >=7.21.0,<7.74.0
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Fedoraproject/Fedora2 versions
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
NetApp/Clustered Data Ontap
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
NetApp/Hci Management Node
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
NetApp/Solidfire
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
NetApp/Hci Bootstrap Os
cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*
NetApp/Hci Storage Node Firmware
cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*
Apple Inc./Mac Os X16 versions
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*range: <10.14.6
- cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*
Apple Inc./macOS
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Range: >=11.0,<11.3
Oracle Corporation/Communications Billing And Revenue Management
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
Oracle Corporation/Communications Cloud Native Core Policy
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
Oracle Corporation/Essbase
cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*
Oracle Corporation/Peoplesoft Enterprise Peopletools
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
Fujitsu/M10 1 Firmware
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410
Fujitsu/M10 4 Firmware
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410
Fujitsu/M10 4s Firmware
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410
Fujitsu/M12 1 Firmware
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410
Fujitsu/M12 2 Firmware
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410
Fujitsu/M12 2s Firmware
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
Range: <xcp2410
Siemens Foundation/Sinec Infrastructure Network Services
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
Range: <1.0.1.1
Splunk/Universal Forwarder2 versions
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*range: >=8.2.0,<8.2.12
- cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*

Patches

e052859759b3

https://github.com/curl/curlvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfnvdPatchThird Party Advisory
www.oracle.com//security-alerts/cpujul2021.htmlnvdPatchThird Party Advisory
www.oracle.com/security-alerts/cpuApr2021.htmlnvdPatchThird Party Advisory
www.oracle.com/security-alerts/cpuapr2022.htmlnvdPatchThird Party Advisory
www.oracle.com/security-alerts/cpujan2022.htmlnvdPatchThird Party Advisory
github.com/curl/curl/issues/6255nvdExploitThird Party Advisory
seclists.org/fulldisclosure/2021/Apr/51nvdMailing ListThird Party Advisory
curl.se/docs/CVE-2020-8285.htmlnvdVendor Advisory
lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3EnvdMailing ListThird Party Advisory
lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3EnvdMailing ListThird Party Advisory
lists.debian.org/debian-lts-announce/2020/12/msg00029.htmlnvdMailing ListThird Party Advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/nvdMailing ListThird Party Advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/nvdMailing ListThird Party Advisory
security.gentoo.org/glsa/202012-14nvdThird Party Advisory
security.netapp.com/advisory/ntap-20210122-0007/nvdThird Party Advisory
support.apple.com/kb/HT212325nvdThird Party Advisory
support.apple.com/kb/HT212326nvdThird Party Advisory
support.apple.com/kb/HT212327nvdThird Party Advisory
www.debian.org/security/2021/dsa-4881nvdThird Party Advisory
hackerone.com/reports/1045844nvdPermissions Required

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000