CVE-2020-8286

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-8286

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8286.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-8286

Aliases

CURL-CVE-2020-8286

Downstream

ALPINE-CVE-2020-8286

DEBIAN-CVE-2020-8286

DLA-2500-1

DSA-4881-1

OESA-2021-1004

RHSA-2021:1610

RHSA-2021:2472

SUSE-SU-2020:3733-1

SUSE-SU-2020:3735-1

SUSE-SU-2020:3739-1

SUSE-SU-2021:1786-1

UBUNTU-CVE-2020-8286

USN-4665-1

openSUSE-SU-2020:2238-1

openSUSE-SU-2020:2249-1

openSUSE-SU-2024:10582-1

Related

Published

2020-12-14T20:15:14Z

Modified

2025-10-13T10:18:41.810975Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

References

Affected packages

Git / github.com/curl/curl

Affected ranges

Type: GIT
Repo: https://github.com/curl/curl
Events: Introduced

ff837422ee4ec7d6aea7750a40e30cba29db93e8

Fixed

e052859759b34d0e05ce0f17244873e5cd7b457b

Affected versions

Other

curl-7_41_0

curl-7_42_0

curl-7_43_0

curl-7_44_0

curl-7_45_0

curl-7_46_0

curl-7_47_0

curl-7_47_1

curl-7_48_0

curl-7_49_0

curl-7_49_1

curl-7_50_0

curl-7_50_1

curl-7_50_2

curl-7_50_3

curl-7_51_0

curl-7_52_0

curl-7_52_1

curl-7_53_0

curl-7_53_1

curl-7_54_0

curl-7_54_1

curl-7_55_0

curl-7_55_1

curl-7_56_0

curl-7_56_1

curl-7_57_0

curl-7_58_0

curl-7_59_0

curl-7_60_0

curl-7_61_0

curl-7_61_1

curl-7_62_0

curl-7_63_0

curl-7_64_0

curl-7_64_1

curl-7_65_0

curl-7_65_1

curl-7_65_2

curl-7_65_3

curl-7_66_0

curl-7_67_0

curl-7_68_0

curl-7_69_0

curl-7_69_1

curl-7_70_0

curl-7_71_0

curl-7_71_1

curl-7_72_0

curl-7_73_0