CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
hackeroneCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
haxxlibcurl
7.10.4 ≤
𝑥
< 7.77.0
debiandebian_linux
9.0
debiandebian_linux
10.0
debiandebian_linux
11.0
netappcloud_backup
-
netappclustered_data_ontap
-
netappsolidfire_\&_hci_management_node
-
netappsolidfire_baseboard_management_controller_firmware
-
oraclemysql_server
5.7.0 ≤
𝑥
≤ 5.7.36
oraclemysql_server
8.0.0 ≤
𝑥
≤ 8.0.26
oraclepeoplesoft_enterprise_peopletools
8.57
oraclepeoplesoft_enterprise_peopletools
8.58
oraclepeoplesoft_enterprise_peopletools
8.59
siemenssinec_infrastructure_network_services
𝑥
< 1.0.1.1
siemenssinema_remote_connect_server
𝑥
< 3.1
siemenslogo\!_cmr2040_firmware
*
siemenslogo\!_cmr2020_firmware
*
siemensruggedcomrm_1224_lte_firmware
𝑥
< 7.1
siemensscalance_m804pb_firmware
𝑥
< 7.1
siemensscalance_m812-1_firmware
𝑥
< 7.1
siemensscalance_m816-1_firmware
𝑥
< 7.1
siemensscalance_m826-2_firmware
𝑥
< 7.1
siemensscalance_m874-2_firmware
𝑥
< 7.1
siemensscalance_m874-3_firmware
𝑥
< 7.1
siemensscalance_m876-3_firmware
𝑥
< 7.1
siemensscalance_m876-4_firmware
𝑥
< 7.1
siemensscalance_mum856-1_firmware
𝑥
< 7.1
siemensscalance_s615_firmware
𝑥
< 7.1
siemenssimatic_cp_1543-1_firmware
𝑥
< 3.0.22
siemenssimatic_cp_1545-1_firmware
𝑥
< 1.1
siemenssimatic_rtu3010c_firmware
𝑥
< 5.0.14
siemenssimatic_rtu3030c_firmware
𝑥
< 5.0.14
siemenssimatic_rtu3031c_firmware
𝑥
< 5.0.14
siemenssimatic_rtu_3041c_firmware
𝑥
< 5.0.14
siemenssinema_remote_connect
𝑥
< 3.1
siemenssiplus_net_cp_1543-1_firmware
𝑥
< 3.0.22
splunkuniversal_forwarder
8.2.0 ≤
𝑥
< 8.2.12
splunkuniversal_forwarder
9.0.0 ≤
𝑥
< 9.0.6
splunkuniversal_forwarder
9.1.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
curl
bullseye
7.74.0-1.3+deb11u13
fixed
bullseye (security)
7.74.0-1.3+deb11u11
fixed
bookworm
7.88.1-10+deb12u7
fixed
bookworm (security)
7.88.1-10+deb12u5
fixed
sid
8.10.1-2
fixed
trixie
8.10.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
curl
lunar
Fixed 7.74.0-1.2ubuntu4
released
kinetic
Fixed 7.74.0-1.2ubuntu4
released
jammy
Fixed 7.74.0-1.2ubuntu4
released
impish
Fixed 7.74.0-1.2ubuntu4
released
hirsute
Fixed 7.74.0-1ubuntu2.1
released
groovy
ignored
focal
Fixed 7.68.0-1ubuntu2.6
released
bionic
Fixed 7.58.0-2ubuntu3.14
released
xenial
ignored
trusty
ignored
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf
https://hackerone.com/reports/1223565
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.debian.org/security/2022/dsa-5197
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf
https://hackerone.com/reports/1223565
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.debian.org/security/2022/dsa-5197
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html