SNOW-301849: CVE-2020-8285 (High) detected in curlcurl-7_68_0
CVE-2020-8285 - High Severity Vulnerability
Vulnerable Library - curlcurl-7_68_0
A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features
Library home page: https://github.com/bagder/curl.git
Found in HEAD commit: 5b110184c4e8c439495907c7d1359fe4eb4f8a6c
Found in base branch: master
Vulnerable Source Files (2)
libsnowflakeclient/deps/curl-7.68.0/lib/ftp.c
libsnowflakeclient/deps/curl-7.68.0/lib/ftp.c
Vulnerability Details
curl versions 7.21.0 through 7.73.0 (inclusive) are vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
Publish Date: 2020-12-14
URL: CVE-2020-8285
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
- Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://curl.se/docs/CVE-2020-8285.html
Release Date: 2020-07-21
Fix Resolution: 7.74.0