CVE-2020-12062

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-12062
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12062.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-12062
Downstream
Published
2020-06-01T16:15:14Z
Modified
2025-10-21T05:18:25.580753Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances."

Database specific
{
    "isDisputed": true
}
References

Affected packages

Git / github.com/openssh/openssh-portable

Affected ranges

Type
GIT
Repo
https://github.com/openssh/openssh-portable
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Other

ABOUT_TO_ADD_INET_ATON
AFTER_FREEBSD_PAM_MERGE
AFTER_KRB5_GSSAPI_MERGE
BEFORE_FREEBSD_PAM_MERGE
BEFORE_KRB5_GSSAPI_MERGE
POST_KRB4_REMOVAL
PRE-REORDER
PRE_CYGWIN_MERGE
PRE_DAN_PATCH_MERGE
PRE_FIXPATHS_INTEGRATION
PRE_HPUX_INTEGRATION
PRE_IPV6
PRE_KRB4_REMOVAL
PRE_NEW_LOGIN_CODE
PRE_SW_KRBV
V_1_2PRE17
V_1_2_1_PRE18
V_1_2_1_PRE19
V_1_2_1_PRE20
V_1_2_1_PRE21
V_1_2_1_PRE22
V_1_2_1_PRE23
V_1_2_1_PRE24
V_1_2_1_PRE25
V_1_2_1_PRE26
V_1_2_1_PRE27
V_1_2_2
V_1_2_2_P1
V_1_2_2_PRE28
V_1_2_2_PRE29
V_1_2_3
V_1_2_3_PRE1
V_1_2_3_PRE2
V_1_2_3_PRE3
V_1_2_3_PRE4
V_1_2_3_PRE5
V_1_2_3_TEST1
V_1_2_3_TEST2
V_1_2_3_TEST3
V_1_2_PRE10
V_1_2_PRE11
V_1_2_PRE12
V_1_2_PRE13
V_1_2_PRE14
V_1_2_PRE15
V_1_2_PRE16
V_1_2_PRE4
V_1_2_PRE5
V_1_2_PRE6
V_1_2_PRE7
V_1_2_PRE8
V_1_2_PRE9
V_2_0_0_BETA1
V_2_0_0_BETA2
V_2_0_0_TEST1
V_2_1_0
V_2_1_0_P1
V_2_1_0_P2
V_2_1_0_P3
V_2_1_1_P1
V_2_1_1_P2
V_2_1_1_P3
V_2_1_1_P4
V_2_2_0_P1
V_2_3_0_P1
V_2_5_0_P1
V_2_5_1_P1
V_2_5_1_P2
V_2_5_2_P1
V_3_0_1_P1
V_3_0_P1
V_3_1_P1
V_3_2_2_P1
V_3_4_P1
V_3_6_1_P1
V_3_8_P1
V_3_9_P1
V_4_2_P1
V_5_0_P1
V_5_1_P1
V_5_2_P1
V_5_5_P1
V_5_7_P1
V_6_0_P1
V_6_1_P1
V_6_2_P1
V_6_5_P1
V_6_6_P1
V_6_8_P1
V_6_9_P1
V_7_0_P1
V_7_1_P1
V_7_2_P1
V_7_3_P1
V_7_4_P1
V_7_5_P1
V_7_6_P1
V_7_7_P1
V_7_8_P1
V_7_9_P1
V_8_0_P1
V_8_1_P1
V_8_2_P1

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1",
        "target": {
            "file": "scp.c"
        },
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2020-12062-39b5eba3",
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894",
        "target": {
            "function": "sink",
            "file": "scp.c"
        },
        "digest": {
            "function_hash": "308835858213114162198892540639498415372",
            "length": 7438.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2020-12062-5a382a4a",
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1",
        "target": {
            "function": "sink",
            "file": "scp.c"
        },
        "digest": {
            "function_hash": "53767624059814337072386877210542493620",
            "length": 7309.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2020-12062-bbe3b781",
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894",
        "target": {
            "file": "scp.c"
        },
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2020-12062-dc39e314",
        "signature_type": "Line"
    }
]