agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy is also vulnerable. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect parsing of the Content-Length and Transfer-Encoding headers. It is possible to conduct HTTP request smuggling attacks where agoo is used as part of a chain of backend servers, due to insufficient Content-Length and Transfer-Encoding parsing.
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7670.json"
"2026-04-11T13:53:27Z"
[
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130",
"digest": {
"function_hash": "35247422001380630584406346398931429283",
"length": 1333.0
},
"id": "CVE-2020-7670-0665e8b1",
"deprecated": false,
"target": {
"file": "ext/agoo/request.c",
"function": "request_env"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130",
"digest": {
"function_hash": "197527120151401954070768136491744829112",
"length": 2641.0
},
"id": "CVE-2020-7670-1412b4c3",
"deprecated": false,
"target": {
"file": "ext/agoo/server.c",
"function": "listen_loop"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130",
"digest": {
"function_hash": "37089507596107008691338219303026802290",
"length": 5466.0
},
"id": "CVE-2020-7670-1e018334",
"deprecated": false,
"target": {
"file": "ext/agoo/con.c",
"function": "con_header_read"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130",
"digest": {
"function_hash": "224311398308155682763085616354427762811",
"length": 969.0
},
"id": "CVE-2020-7670-2815c76a",
"deprecated": false,
"target": {
"file": "ext/agoo/request.c",
"function": "add_header_value"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130",
"digest": {
"threshold": 0.9,
"line_hashes": [
"285140162963638803019077007719498113996",
"207668436712517809079038686968444708385",
"193720274636039262281677985724246349996",
"205824730470354897129319279126430959188",
"56064582431734072046667001212915391661"
]
},
"id": "CVE-2020-7670-29152ea4",
"deprecated": false,
"target": {
"file": "ext/agoo/req.h"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130",
"digest": {
"threshold": 0.9,
"line_hashes": [
"15060422972661983163948658502202019250",
"314193017542263085322055585292899682989",
"57889701046833191719981896685341928302",
"195029102782401644232699996546924113725",
"140491025627404970681151068508998711774",
"325492328904178052345633875945961830854",
"33880785326589810755435713807536680002",
"252791491413767853323221639488031407232"
]
},
"id": "CVE-2020-7670-5987e325",
"deprecated": false,
"target": {
"file": "ext/agoo/con.c"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130",
"digest": {
"threshold": 0.9,
"line_hashes": [
"115210966930340422456005478377963616616",
"273120549992224863258354349698010097693",
"158605749819223894077068644078849491387",
"4885844487322698144472475210751352945",
"209355656808285667661485649630801677917"
]
},
"id": "CVE-2020-7670-8f16ac5d",
"deprecated": false,
"target": {
"file": "ext/agoo/con.h"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130",
"digest": {
"function_hash": "206350082267776496855612115095346295812",
"length": 1107.0
},
"id": "CVE-2020-7670-92969b73",
"deprecated": false,
"target": {
"file": "ext/agoo/websocket.c",
"function": "agoo_ws_create_req"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130",
"digest": {
"threshold": 0.9,
"line_hashes": [
"332634221425284809288148109520618530888",
"86947899483443558833165556156352998393",
"286737267692981333614491569625328658202",
"184640852462178421675652028696019687565",
"288431788791673036326189263812731002711"
]
},
"id": "CVE-2020-7670-a57e7c44",
"deprecated": false,
"target": {
"file": "ext/agoo/server.c"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130",
"digest": {
"threshold": 0.9,
"line_hashes": [
"322388504200938255748593317710422410436",
"148435175035376347927357662772214289094",
"145952662655245660728660273468620601281",
"142792505593306961970573065795535524635",
"144819719229374109236239858145614447443",
"183990719311219233238370535323215605331",
"257114553474805847202167582538500446713",
"223716786887693474658927890529644414760",
"139127352568816567870962594315456725549",
"124130266117619058014478704768971878187",
"137770213168000126539446342016162281307",
"232355888315589476321087980966773434863",
"322237325836739335068590647652499420955",
"46063599650865844967068742030723982887",
"146718839595191387649406861267909082012",
"277954976833403470737840433317920520762",
"289610918637091106997881249301588482418",
"326997372068098185455216374182123130090",
"221729705736896397207475714224437526309",
"221343037804164586989119254387514474420",
"193605338798930116878185437976114757592",
"324190219186007124646707566714629517523",
"168800463467431958646033237749196709248",
"213669877942803426726734799482885983745",
"289981459130750993820421020072725982241",
"251225182075127551834960840709562057835",
"166272255769783065970306287060357045173",
"139223711132986057857678947037613274268",
"110582798831977584791998723761188369022",
"112348030349739950811235131679472582829",
"333267187300372548199754176550780833553",
"47500203947543415017061446751228869024",
"127774214014437810390635584659538079901",
"204031884482134527961630610679408097676",
"309735474971447048735027849723183584752",
"243012019670381410097314506508655905842",
"117470482213942205893919787899971295790",
"324953189504671661893956910764005811676",
"200543642484595048736203579497414189010",
"108251999269029246570397187232069275894",
"10082954785797818178353928612819853840",
"30894395330116487914034709409325475741",
"248459640997421723839225599265167052628",
"29230960447030923194131834231317932899",
"118304442034382920884250066593335993012",
"79891845740728428628231424572577252806",
"140240521155677582953660886544599100472",
"212119500509052573991180336460225243190",
"122703885855614020812589568773135125243",
"211799906761326036148612017867360666433",
"217373447166761348273509114009846280702",
"14743418761280137569845459004905843921",
"217735011987729873095874619708510445350",
"193401294407096709101040471770965685354",
"307920966078354295973738430961767532787",
"156991101564689342369126765122753574488",
"99142168011874145983611519465857469977",
"245953601118675344535563344107025863862",
"270865335196069272443945598668785227636",
"21022857159335062989595862078230979773",
"254422518879582568919916801074249165356",
"206032952595938227749419015530084015734",
"337115402309297297352774506451487710945",
"258818417566063593783968942837176521518",
"235176705320112182704805161434072006783",
"303349645723452989487009819577657975053",
"140841838368418383563932888647682555683",
"192205447906180511924920191104251093602",
"61525415404346314062011176361781978378",
"45234791700314817016252061511696039486",
"315471867317332467515824289872878838890",
"170293717423946292738400699745561168071",
"99074866796746784840180901913588090953",
"130966640853770657303137234350951614674",
"6302596616958268513111173622314328539",
"80569394961597435788549323553874351354",
"133980858097413227739842781576358615328",
"204464810360631460961811881781610157805",
"294180750659343469753522055472564021332",
"203014153417825536390482688022849881095",
"197086721101946178007794206345010309321",
"302875678947994512027968510107741002259",
"234710523268330489917955754110055035347",
"304938858422009801110429051751818472009",
"234361804395442036318313626746322138536",
"11018670964645366083474518650383216779",
"46905366464351620420509846739117255942",
"291627817045391289363286517394816194909",
"57216710607720428076493498094996860059",
"61026475739042313664762842868860064841",
"84345624359225989531836067542713134120",
"241232805767650800038897789370145957867",
"198220581918127148087815207651109065620",
"119374297298863881096944527316196107855",
"282090847717267092956891984715095262488",
"313381057238410290370440137949181850025",
"248827357447316615470316769143348935743",
"302286741056290819819708000709595984126",
"70154037719392706173304668720086804465",
"264415624999075597257727428458301896931",
"288832931824609350556278027202025698554",
"29024457025254200126952008320362626009",
"54971798650668094426126808398270024430",
"196465156726758819602914271949980883564",
"225039095886396951391692535653002436213",
"323809011436865123763672194750642673614",
"238621835790329258276630946835860407899",
"242580534461765572423807577077735143165",
"126276595251548648119446166972483738939",
"80328586585701371965131463717974365074",
"323056612856791622627863955360061851193",
"279553379197807501636929381031189029988",
"319819740005952186618430997481453765103",
"253887835176777216887982711593604329224",
"108399171963718805282634822499018513940",
"119300345786536578886048816174582450066",
"308060805162315717645154489856380051373",
"60764279168899152447348043218344107320",
"168400098208925958539584031379315783594",
"116857811117167718750733714047567062423",
"57923324960902180741797162298781993610",
"180498643742928312901075075073778132201",
"321601266486603250981988446690948527584",
"74011690642455388341586937545741171942",
"30845235065374180837736941557410292668",
"304440798732188031233865529815820159014",
"259684408521843657082953545394874403318",
"118664254293813164283132498644840131041",
"130342633744088732142828164695330419001",
"246667924816122687149120889062509451601",
"262942445187402547899039323446128670023",
"108700754649089318306317050733832448544",
"23209304783936126256319972039890320067",
"322961795274157045517582520495425258308",
"219785300177963816243117649713916619386",
"190986268749910703897677256728819134415",
"2472573049184265184232626842970153708",
"212083626230640559972911024626954426867",
"144555011811455526766001293626709922692",
"27518304318534818329325433469854482071",
"120530064879485441876110973585545442764",
"27063258604941398366497867024364769631",
"125731083647241915037400394920568940790",
"241633517977778137809445890151578869403",
"118440069187563584884939061592100902360",
"35193189932594463861153634636990375931",
"194796188010389764699467952414518652236",
"33696204846395684853467959060266669902",
"83117235980437314459979408497160200591",
"316801857220663031392225460298245239805",
"262465579695203609277006735777457547085"
]
},
"id": "CVE-2020-7670-bb0251a3",
"deprecated": false,
"target": {
"file": "ext/agoo/http.c"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130",
"digest": {
"threshold": 0.9,
"line_hashes": [
"302709718064030321723529510144499735213",
"45458052198506484407876528200179490655",
"210579165986079447798464515027754024974",
"166732415408301782675507561190551363333",
"283590569402242962373409832258717683900",
"232445697665576861955241322520975817618",
"132302328044921796859853663194898151052",
"267131754990366882718361982537081710647",
"206151427131175406188310033316123151770",
"32160355953213992418656939640109469884",
"19597629368519581319065856382876845467",
"34011986965705279344685138179161182160",
"182801256186400800621303781400491562827",
"60578270266611599548322230237835449521",
"230971356127873069878942023805848336909",
"211130140224476071525288204070655796184",
"220461806251093538673843657366661150889",
"72609320053568062842240832519139644984",
"308060298780414816360046931881632610943",
"46376348591748620328094755391627486579",
"224250451364845644384447617138067514748",
"211702996716192179008245909838522384583",
"182727720241184216265983290610712915524",
"31286030767830954704787360404592100193",
"84956223263970518613739386234969154176",
"191611097216934468532444862090214439742",
"171838735074713109644240199183718410581",
"117227613314776336086457000712640020839",
"174682699695210252479630495743029632312",
"180670589201960725906995745544323017304",
"67598643570542858504143912711118843011",
"225816264801722859017452610490834330402",
"305236576784483451172483772526848525693",
"116660597921019433867038397195032842143",
"314914200569416476177719062655168538082",
"156618419229270942795924073997949348805"
]
},
"id": "CVE-2020-7670-c82c95f6",
"deprecated": false,
"target": {
"file": "ext/agoo/request.c"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130",
"digest": {
"threshold": 0.9,
"line_hashes": [
"291481138560449124437630911938378075955",
"167305426740404834461632889194038790323",
"228952497681971611932544019724116805620",
"76138736780225617961823046183499605354"
]
},
"id": "CVE-2020-7670-f6777730",
"deprecated": false,
"target": {
"file": "ext/agoo/websocket.c"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130",
"digest": {
"function_hash": "250106398637481963174062012948296612995",
"length": 391.0
},
"id": "CVE-2020-7670-f67c5d50",
"deprecated": false,
"target": {
"file": "ext/agoo/con.c",
"function": "agoo_con_create"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/ohler55/agoo/commit/23d03535cf7b50d679a60a953a0cae9519a4a130",
"digest": {
"function_hash": "241473801653258120840635189491838194722",
"length": 4268.0
},
"id": "CVE-2020-7670-f899af3b",
"deprecated": false,
"target": {
"file": "ext/agoo/request.c",
"function": "request_init"
}
}
]