CVE-2020-8177

Public on 2020-07-14
Modified on 2020-07-29
Description
A flaw was found in curl. Overwriting local files is possible when using a certain combination of command line options. Requesting content from a malicious server could lead to overwriting local files with compromised files leading to unknown effects. The highest threat from this vulnerability is to file integrity.
Severity
Medium
CVSS v3 Base Score
5.4
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 curl 2020-07-14 02:30 ALAS2-2020-1451
Amazon Linux 1 curl 2020-07-28 17:21 ALAS-2020-1411

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L
NVD CVSSv2 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P
NVD CVSSv3 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H