CVE-2020-8231

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-8231

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8231.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-8231

Aliases

CURL-CVE-2020-8231

Downstream

ALPINE-CVE-2020-8231

BELL-CVE-2020-8231

DEBIAN-CVE-2020-8231

DLA-2382-1

DSA-4881-1

JLSEC-2025-23

OESA-2021-1004

RHSA-2021:1610

RLSA-2021:1610

SUSE-SU-2020:14481-1

SUSE-SU-2020:2444-1

SUSE-SU-2020:2445-1

SUSE-SU-2020:2446-1

SUSE-SU-2021:1786-1

UBUNTU-CVE-2020-8231

USN-4466-1

USN-4466-2

USN-4665-1

openSUSE-SU-2020:1345-1

openSUSE-SU-2020:1359-1

openSUSE-SU-2020:1494-1

openSUSE-SU-2024:10582-1

Related

Published

2020-12-14T20:15:13.590Z

Modified

2026-03-15T21:45:10.176183Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

References

Affected packages

Git / github.com/curl/curl

Affected ranges

Type

GIT

Repo

https://github.com/curl/curl

Events

Introduced

bf633a584dcbb0f80273ba856b7198ad1e395315

Last affected

5a1fc8d33808d7b22f57bdf9403cda7ff07b0670

Database specific

{
    "versions": [
        {
            "introduced": "7.29.0"
        },
        {
            "last_affected": "7.71.1"
        }
    ]
}

Affected versions

Other

curl-7_29_0

curl-7_30_0

curl-7_31_0

curl-7_32_0

curl-7_33_0

curl-7_34_0

curl-7_35_0

curl-7_36_0

curl-7_37_0

curl-7_37_1

curl-7_38_0

curl-7_39_0

curl-7_40_0

curl-7_41_0

curl-7_42_0

curl-7_43_0

curl-7_44_0

curl-7_45_0

curl-7_46_0

curl-7_47_0

curl-7_47_1

curl-7_48_0

curl-7_49_0

curl-7_49_1

curl-7_50_0

curl-7_50_1

curl-7_50_2

curl-7_50_3

curl-7_51_0

curl-7_52_0

curl-7_52_1

curl-7_53_0

curl-7_53_1

curl-7_54_0

curl-7_54_1

curl-7_55_0

curl-7_55_1

curl-7_56_0

curl-7_56_1

curl-7_57_0

curl-7_58_0

curl-7_59_0

curl-7_60_0

curl-7_61_0

curl-7_61_1

curl-7_62_0

curl-7_63_0

curl-7_64_0

curl-7_64_1

curl-7_65_0

curl-7_65_1

curl-7_65_2

curl-7_65_3

curl-7_66_0

curl-7_67_0

curl-7_68_0

curl-7_69_0

curl-7_69_1

curl-7_70_0

curl-7_71_0

curl-7_71_1

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.0.1.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.14.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.2.0"
            },
            {
                "fixed": "8.2.12"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "9.0.0"
            },
            {
                "fixed": "9.0.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.1.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8231.json"