PublicDateAtUSN: 2020-12-09 08:00:00 UTC
Candidate: CVE-2020-8285
CRD: 2020-12-09 08:00:00 UTC
PublicDate: 2020-12-14 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285
 https://curl.se/docs/CVE-2020-8285.html
 https://ubuntu.com/security/notices/USN-4665-1
 https://ubuntu.com/security/notices/USN-4665-2
Description:
 curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion
 due to a stack overflow issue in FTP wildcard match parsing.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://github.com/curl/curl/issues/6255
Priority: medium
Discovered-by: xnynx
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_curl:
 upstream: https://github.com/curl/curl/commit/69a358f2186e04
upstream_curl: released (7.74.0)
precise/esm_curl: released (7.22.0-3ubuntu4.29)
trusty_curl: ignored (out of standard support)
trusty/esm_curl: released (7.35.0-1ubuntu2.20+esm6)
xenial_curl: released (7.47.0-1ubuntu2.18)
esm-infra/xenial_curl: released (7.47.0-1ubuntu2.18)
bionic_curl: released (7.58.0-2ubuntu3.12)
focal_curl: released (7.68.0-1ubuntu2.4)
groovy_curl: released (7.68.0-1ubuntu4.2)
devel_curl: released (7.74.0-1ubuntu1)