Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2021-22890

Published: 01/04/2021 Updated: 27/03/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 3.7 | Impact Score: 1.4 | Exploitability Score: 2.2
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Haxx

Vulnerability Summary

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

haxx libcurl

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

netapp solidfire -

netapp hci management node -

netapp hci storage node -

broadcom fabric operating system -

debian debian linux 9.0

siemens sinec infrastructure network services

oracle communications billing and revenue management 12.0.0.3.0

oracle essbase 21.2

splunk universal forwarder 9.1.0

splunk universal forwarder

Vendor Advisories

Debian CVElist Bug Report Logs: curl: CVE-2021-22890
Debian Bug report logs - #986270 curl: CVE-2021-22890 Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 2 Apr 2021 07:30:02 UTC Severity: serious Tags: security, upstream Found in versions curl/7740-11, curl/764 ...
Debian Security Advisories: DSA-4881-1 curl -- security update
Multiple vulnerabilities were discovered in cURL, an URL transfer library: CVE-2020-8169 Marek Szlagor reported that libcurl could be tricked into prepending a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server(s) CVE-2020-8177 sn reporte ...
Red Hat: CVE-2021-22890
A flaw was found in curl When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed ...
Arch Linux Issues:
Enabled by default, libcurl supports the use of TLS 13 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes When using a HTTPS proxy and TLS 13, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake Th ...
Hitachi Security Advisories: Vulnerability in JP1/Automatic Job Management System 3
A vulnerability (CVE-2021-22890) exists in JP1/Automatic Job Management System 3 Affected products and versions are listed below Please upgrade your version to the appropriate version, or apply the Workarounds ...
Brocade Security Advisories: Access Denied
Menu Log in ...

ICS Advisories

Siemens SINEC INS
Critical Infrastructure Sectors: Energy
https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-290https://hackerone.com/reports/1129529https://curl.se/docs/CVE-2021-22890.htmlhttps://security.netapp.com/advisory/ntap-20210521-0007/https://security.gentoo.org/glsa/202105-36https://www.oracle.com//security-alerts/cpujul2021.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986270https://nvd.nist.govhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09https://www.debian.org/security/2021/dsa-4881
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991CVE-2024-32674path traversalCVE-2023-21987denial of servicedosCVE-2024-4647CVE-2024-25519CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook