CVE-2020-8231 (High) detected in multiple libraries

[mend-for-github-com[bot]]

CVE-2020-8231 - High Severity Vulnerability

Vulnerable Libraries - curlcurl-7_69_1, curlcurl-7_69_1, miranda-ngc4f2f0a8c643304f73cdbea1299c00cf19e8986c, curlcurl-7_69_1, miranda-ngc4f2f0a8c643304f73cdbea1299c00cf19e8986c

Vulnerability Details

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

Publish Date: 2020-12-14

URL: CVE-2020-8231

CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2020-12-14

Fix Resolution: curl-7_72_0