#VU29290 Improper Neutralization of HTTP Headers for Scripting Syntax in cURL - CVE-2020-8177


Vulnerability identifier: #VU29290

Vulnerability risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-8177

CWE-ID: CWE-644

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
cURL
Client/Desktop applications / Other client software

Vendor: curl.haxx.se

Description

The vulnerability allows a remote attacker to overwrite files on the victim's system.

The vulnerability exists due to a logical error when processing Content-Disposition: HTTP response header in curl when executed with the -J flag and -i flags in the same command line. A remote attacker can trick the victim to run a specially crafted curl command against a malicious website and overwrite files on the user's system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

cURL: 7.20.0 - 7.70.0

External links
https://curl.haxx.se/docs/CVE-2020-8177.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Cloud Transformation Advisor
Multiple vulnerabilities in Dell Secured Component Verification (SCV)
Splunk Enterprise update for third-party packages
Splunk Universal Forwarder update for third-party packages
Multiple vulnerabilities in Dell EMC Data Computing Appliance (DCA)
Multiple vulnerabilities in IBM Cloud Pak for Security
Multiple vulnerabilities in Siemens SINEC INS
Tensorflow update for third-party components
Multiple vulnerabilities in Red Hat Ansible Automation Platform 1.2
Debian update for curl