OESA-2021-1004

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1004
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1004.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2021-1004
Upstream
Published
2021-02-04T11:02:33Z
Modified
2025-08-12T05:06:47.727698Z
Summary
curl security update
Details

cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols.

Security Fix(es):

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. (CVE-2020-8231)

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. (CVE-2020-8286)

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. (CVE-2020-8285)

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. (CVE-2020-8284)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS / curl

Package

Name
curl
Purl
pkg:rpm/openEuler/curl&distro=openEuler-20.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.71.1-4.oe1

Ecosystem specific

{
    "src": [
        "curl-7.71.1-5.oe1.src.rpm",
        "curl-7.71.1-4.oe1.src.rpm"
    ],
    "x86_64": [
        "curl-debugsource-7.71.1-5.oe1.x86_64.rpm",
        "libcurl-7.71.1-5.oe1.x86_64.rpm",
        "curl-debuginfo-7.71.1-5.oe1.x86_64.rpm",
        "curl-7.71.1-5.oe1.x86_64.rpm",
        "libcurl-devel-7.71.1-5.oe1.x86_64.rpm",
        "curl-7.71.1-4.oe1.x86_64.rpm",
        "libcurl-7.71.1-4.oe1.x86_64.rpm",
        "libcurl-devel-7.71.1-4.oe1.x86_64.rpm",
        "curl-debuginfo-7.71.1-4.oe1.x86_64.rpm",
        "curl-debugsource-7.71.1-4.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "curl-7.71.1-5.oe1.aarch64.rpm",
        "curl-debugsource-7.71.1-5.oe1.aarch64.rpm",
        "libcurl-devel-7.71.1-5.oe1.aarch64.rpm",
        "libcurl-7.71.1-5.oe1.aarch64.rpm",
        "curl-debuginfo-7.71.1-5.oe1.aarch64.rpm",
        "curl-debuginfo-7.71.1-4.oe1.aarch64.rpm",
        "libcurl-7.71.1-4.oe1.aarch64.rpm",
        "curl-debugsource-7.71.1-4.oe1.aarch64.rpm",
        "libcurl-devel-7.71.1-4.oe1.aarch64.rpm",
        "curl-7.71.1-4.oe1.aarch64.rpm"
    ],
    "noarch": [
        "curl-help-7.71.1-5.oe1.noarch.rpm",
        "curl-help-7.71.1-4.oe1.noarch.rpm"
    ]
}

openEuler:20.03-LTS-SP1 / curl

Package

Name
curl
Purl
pkg:rpm/openEuler/curl&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.71.1-4.oe1

Ecosystem specific

{
    "src": [
        "curl-7.71.1-4.oe1.src.rpm"
    ],
    "x86_64": [
        "curl-7.71.1-4.oe1.x86_64.rpm",
        "libcurl-7.71.1-4.oe1.x86_64.rpm",
        "libcurl-devel-7.71.1-4.oe1.x86_64.rpm",
        "curl-debuginfo-7.71.1-4.oe1.x86_64.rpm",
        "curl-debugsource-7.71.1-4.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "curl-debuginfo-7.71.1-4.oe1.aarch64.rpm",
        "libcurl-7.71.1-4.oe1.aarch64.rpm",
        "curl-debugsource-7.71.1-4.oe1.aarch64.rpm",
        "libcurl-devel-7.71.1-4.oe1.aarch64.rpm",
        "curl-7.71.1-4.oe1.aarch64.rpm"
    ],
    "noarch": [
        "curl-help-7.71.1-4.oe1.noarch.rpm"
    ]
}