UBUNTU-CVE-2020-19909

Source
https://ubuntu.com/security/CVE-2020-19909
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-19909.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-19909
Upstream
Withdrawn
2025-07-18T16:45:59Z
Published
2023-08-22T19:16:00Z
Modified
2025-07-16T07:41:09.437253Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  • Ubuntu - low
Summary
[none]
Details

** DISPUTED ** Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error.

References

Affected packages

Ubuntu:20.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl@7.68.0-1ubuntu2.19?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.68.0-1ubuntu2.19

Affected versions

7.*
7.65.3-1ubuntu3
7.65.3-1ubuntu4
7.66.0-1ubuntu1
7.67.0-2ubuntu1
7.68.0-1ubuntu1
7.68.0-1ubuntu2
7.68.0-1ubuntu2.1
7.68.0-1ubuntu2.2
7.68.0-1ubuntu2.4
7.68.0-1ubuntu2.5
7.68.0-1ubuntu2.6
7.68.0-1ubuntu2.7
7.68.0-1ubuntu2.10
7.68.0-1ubuntu2.11
7.68.0-1ubuntu2.12
7.68.0-1ubuntu2.13
7.68.0-1ubuntu2.14
7.68.0-1ubuntu2.15
7.68.0-1ubuntu2.16
7.68.0-1ubuntu2.18

Ecosystem specific

{
    "priority_reason": "Crash in command-line tool only",
    "binaries": [
        {
            "binary_version": "7.68.0-1ubuntu2.19",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.19",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.19",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.19",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.19",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.19",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.19",
            "binary_name": "libcurl4"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.19",
            "binary_name": "libcurl4-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.19",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.19",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.19",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.19",
            "binary_name": "libcurl4-openssl-dev"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-19909.json"