Vulnerability CVE-2020-8286: Information

Description

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-8286

Published: Dec. 14, 2020

Modified: March 27, 2024

Error type identifier: CWE-295

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
curl	sisyphus	7.74.0-alt1	8.7.1-alt2	ALT-PU-2020-3572-1	264234	Fixed
curl	p10	7.74.0-alt1	8.7.1-alt1	ALT-PU-2020-3572-1	264234	Fixed
curl	p9	7.74.0-alt1	7.79.0-alt2	ALT-PU-2020-3573-1	264236	Fixed
curl	c10f1	7.74.0-alt1	8.6.0-alt1	ALT-PU-2020-3572-1	264234	Fixed
curl	c9f2	7.75.0-alt1	8.6.0-alt1	ALT-PU-2021-1592-1	268646	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://hackerone.com/reports/1048457	Exploit Patch Third Party Advisory
https://curl.se/docs/CVE-2020-8286.html	Vendor Advisory
[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update	Mailing List Third Party Advisory
GLSA-202012-14	Third Party Advisory
https://security.netapp.com/advisory/ntap-20210122-0007/	Third Party Advisory
DSA-4881	Third Party Advisory
https://support.apple.com/kb/HT212325	Third Party Advisory
https://support.apple.com/kb/HT212326	Third Party Advisory
https://support.apple.com/kb/HT212327	Third Party Advisory
20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina	Mailing List Third Party Advisory
20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave	Mailing List Third Party Advisory
20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3	Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf	Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Third Party Advisory
N/A	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
FEDORA-2020-ceaf490686	Mailing List Third Party Advisory
FEDORA-2020-7ab62c73bc	Mailing List Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
  Start including
  7.41.0
  End excliding
  7.74.0
  
  Configuration 2
  cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
  
  Configuration 5
  cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
  
  Configuration 6
  cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
  
  Configuration 7
  cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
  End excliding
  10.14.6
  cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
  Start including
  10.15
  End excliding
  10.15.7
  cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*
  cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
  Start including
  11.0
  End excliding
  11.3
  cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
  
  Configuration 8
  cpe:2.3:o:siemens:simatic_tim_1531_irc_firmware:*:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:siemens:simatic_tim_1531_irc:-:*:*:*:*:*:*:*
  
  Configuration 9
  cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
  End excliding
  1.0.1.1
  
  Configuration 10
  cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
  
  Configuration 11
  cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
  cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
  Start including
  9.0.0
  End excliding
  9.0.6
  cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
  Start including
  8.2.0
  End excliding
  8.2.12

Version: v24.4.2

Vulnerability CVE-2020-8286: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Configuration 7

Configuration 8

Configuration 9

Configuration 10

Configuration 11