« List of all CVEs

CVE-2020-8285

Published: 12/14/2020 Last updated: 4/16/2026 Reserved: 1/28/2020

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

CNA assigner: hackerone (36234546-b8fa-4601-9d6f-f4e334aa8ea1) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 7.5 High CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (3)

conf-libcurl conf-mingw-w64-curl-i686 conf-mingw-w64-curl-x86_64

Products affected (1)

Product Vendor Version
https://github.com/curl/curl n/a n/a

References (80)