SB2020081928 - Fedora 31 update for curl




Published: August 19, 2020 Updated: April 25, 2025

Security Bulletin ID SB2020081928
Severity Low
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Expired pointer dereference (CVE-ID: CVE-2020-8231)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to an expired pointer dereference in the handling of CURLOPT_CONNECT_ONLY connections, which may lead to information disclosure. If the application uses the CURLOPT_CONNECT_ONLY option to check whether a website is accessible, an attacker might abuse this feature to force the application to re-use an expired connection and send data intended for another connection to an attacker-controlled server.
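
The bug class described above can be shown with a small C model, added here as an illustration and not taken from curl or from this bulletin. A remembered connection pointer is compared with a remembered connection id after the slot has been recycled; the pool, the function names and the host names are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
/* Toy connection pool: a model of the bug class, not libcurl's code. */
#define POOL_SIZE 2
struct conn { int in_use; long id; char host[32]; };
static struct conn pool[POOL_SIZE];
static long next_id = 1;            /* ids are never reused, slots are */

static struct conn *conn_open(const char *host) {
    for (int i = 0; i < POOL_SIZE; i++) {
        if (pool[i].in_use) continue;
        pool[i].in_use = 1;
        pool[i].id = next_id++;
        snprintf(pool[i].host, sizeof pool[i].host, "%s", host);
        return &pool[i];
    }
    return NULL;                    /* pool exhausted */
}
static void conn_close(struct conn *c) { c->in_use = 0; }

/* Weak: trusts a remembered pointer; the slot may now hold another peer. */
static const char *target_by_pointer(const struct conn *last) {
    return last->in_use ? last->host : NULL;
}

/* Hardened: resolve the remembered id; an expired id matches no live slot. */
static const char *target_by_id(long last_id) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (pool[i].in_use && pool[i].id == last_id)
            return pool[i].host;
    return NULL;
}

/* Connection A is remembered, expires, and its slot is recycled for B. */
static const char *scenario(int use_id) {
    memset(pool, 0, sizeof pool);
    next_id = 1;
    struct conn *a = conn_open("intended.example");
    long a_id = a->id;
    conn_close(a);
    conn_open("other.example");     /* lands in A's old slot */
    return use_id ? target_by_id(a_id) : target_by_pointer(a);
}

int main(void) {
    const char *p = scenario(0);
    printf("by pointer: %s\n", p ? p : "(refused)");
    p = scenario(1);
    printf("by id:      %s\n", p ? p : "(refused)");
    return 0;
}
```

The pointer lookup selects the unrelated peer that now occupies the slot, while the id lookup refuses to send because the remembered connection no longer exists.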


Remediation

Install the update from the vendor's website.