The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances."
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12062.json"
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"302129403808892202751107050716447255615",
"275137382540473504567894507747715995732",
"45176824089903249431708505459288988025",
"42650369721984932448816373549365574476",
"314108161380745870756091828391071409453",
"252639239344775007717805267459386561729",
"72105134252708737273865218759451754542"
]
},
"id": "CVE-2020-12062-39b5eba3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1",
"target": {
"file": "scp.c"
}
},
{
"digest": {
"length": 7438.0,
"function_hash": "308835858213114162198892540639498415372"
},
"id": "CVE-2020-12062-5a382a4a",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894",
"target": {
"function": "sink",
"file": "scp.c"
}
},
{
"digest": {
"length": 7309.0,
"function_hash": "53767624059814337072386877210542493620"
},
"id": "CVE-2020-12062-bbe3b781",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1",
"target": {
"function": "sink",
"file": "scp.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"302129403808892202751107050716447255615",
"61496626747140544398979270959802250337",
"105281468172136327410663188044829880047",
"293086554244749760996224232632839202874",
"195580148751312565129272299131552896937",
"62754827386723772314164487033068467017",
"91093795874406203199923314780689690889",
"80045310575686873502304491569063636326",
"216708028325650026613906611124598911895",
"267214818528553513843417207949989865888",
"158765245001692313972144118478747865578",
"63414735354029722476490127892069240261",
"314107255444949948815984305294921132903",
"201088216718883056700857280629973156629",
"192212028164403779901204360561621057224",
"286506792761042218734818531975141235256",
"312896476630618715842742833924651703324",
"259473706127982983889351032975980407183",
"83000181967295068208842514600926261038",
"298663435118826884884272883130815331165",
"340082788827716859391783667820415712955",
"326618909914868997460470207450912218422",
"99829469656728677142853516466680587890",
"230402224464303796741997104396757960968",
"320410734860795843535174816443548679230",
"267570367607961992878385030191633367489",
"107061597165021500066445911238415806697",
"289806356720044768963146637049321452513",
"260243960107050248855121312637325053785",
"194739225682844158562181970494530443265",
"34499920914559173517755965082450825738",
"230496892850040593828802571910537797660",
"74513331631071103180190260695109362823",
"50008340652810922499358525931181772376",
"120885392690054934491661619585679522125",
"287194043963274900998509721959613721900",
"44458747903698616006063348483371826694",
"316508546691672080059414059357830782303",
"233252030710543796505253211883348519163",
"251303294524522309215060758302019394472",
"261154285554809755028701011917230766619",
"47604260138662383895696611698600606594",
"82716757682974634598437456806798515326",
"339562628026380855405821253447149174583",
"174443632761763456194541611876468838629",
"72865323631324555086594722244066789044",
"155970464046432105937355881038114428248",
"252556976983114577220887832534745663516",
"82716757682974634598437456806798515326",
"339562628026380855405821253447149174583",
"280795950746436728426598436267220946453",
"94853005640295156301536530480763509522",
"153436855944483167225029325803028562593",
"105751830035293369313241438730120389474",
"72179151947409486518325703207179625135",
"175621170897981045447164479825797579092",
"277668653804583582479783918364773324982",
"113991484183080694382335885884042736886",
"168597542689955321354994213937711084361",
"240419536269667880525330408125200418703",
"33151099816884254792673513434906421922",
"224529968258468223378229755745745961869",
"152713584736817055945937143365665948725",
"211946117988160896391161643716436042818",
"316178308796585714024499955083089956470",
"280795950746436728426598436267220946453",
"18680688248253541108941255092917070201",
"131212689586534513628691939966476177107",
"222724721650718470349355510096094049112",
"260229717884042119955419045501957239876",
"298524835033959019491944943615422372491",
"208880212106049173201109273280066256456",
"20580524280090512475815308110071033145",
"331933004902524566911166121531619289335",
"300670216331995004139625650417842821291",
"207336144161194161842375081300721617949",
"77189386757872489944687781701598284719",
"293219870560737882010165752088878138796",
"269276677097489836684562413862894015645",
"144770580281188077559439423940497599709",
"283101901284502727108791913409430652930",
"212763019808253940086989854761979559026"
]
},
"id": "CVE-2020-12062-dc39e314",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894",
"target": {
"file": "scp.c"
}
}
]
"2026-04-11T09:46:17Z"