CVSSv3: 5.9

CVE-2021-22947

Published: 29/09/2021 Updated: 21/11/2024

Vulnerability Summary

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once, which curl caches. curl would then upgrade to TLS but, instead of flushing the in-queue of cached responses, continue using and trusting the responses it got *before* the TLS handshake as if they were authenticated. This flaw allows a man-in-the-middle attacker to first inject the fake responses, then pass through the TLS traffic from the legitimate server and trick curl into sending data back to the user, thinking the attacker's injected data comes from the TLS-protected server.
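The queueing behaviour described above, as an added example that is not curl's code or part of the original advisory: a toy client model that tags each response line with the channel it arrived on, run once trusting the queue across the upgrade and once refusing to upgrade while unread data is queued. The class, the `reject_pipelined` switch and the POP3-style sample bytes are constructed for illustration.

```python
from collections import deque

class StartTlsClientModel:
    """Toy model of a client-side response queue; not curl's code."""

    def __init__(self, reject_pipelined):
        self.reject_pipelined = reject_pipelined  # hypothetical hardening switch
        self.queue = deque()      # entries are (line, arrived_over_tls)
        self.tls_active = False

    def receive(self, data):
        # Split one network read into response lines and remember whether
        # TLS was active when each line arrived.
        for line in data.split(b"\r\n"):
            if line:
                self.queue.append((line, self.tls_active))

    def upgrade(self):
        # Consume the reply to the upgrade command, then switch to TLS.
        line, _ = self.queue.popleft()
        if not line.startswith(b"+OK"):
            raise ConnectionError("server refused the TLS upgrade")
        if self.reject_pipelined and self.queue:
            # Anything still queued was read in cleartext: unauthenticated.
            raise ConnectionError("unexpected data before TLS handshake")
        self.tls_active = True

    def next_response(self):
        return self.queue.popleft()


def run(reject_pipelined):
    client = StartTlsClientModel(reject_pipelined)
    # Constructed sample: one cleartext read carrying the upgrade reply plus
    # an extra pipelined response that no command has asked for yet.
    client.receive(b"+OK begin TLS\r\n+OK 1 120\r\n")
    try:
        client.upgrade()
    except ConnectionError as exc:
        return ("aborted", str(exc))
    # Constructed sample: the real server's answer, read after the handshake.
    client.receive(b"+OK 0 0\r\n")
    line, over_tls = client.next_response()
    return ("used", line, over_tls)


if __name__ == "__main__":
    print(run(reject_pipelined=False))  # cleartext line consumed after upgrade
    print(run(reject_pipelined=True))   # connection aborted at upgrade
```

In the first run the client acts on a line whose `arrived_over_tls` flag is false even though TLS is active, which is the trust confusion the summary describes; the second run stops before the handshake.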

Vulnerable Product

haxx curl

fedoraproject fedora 33

fedoraproject fedora 35

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

netapp cloud backup -

netapp clustered data ontap -

netapp h300s firmware -

netapp h500s firmware -

netapp h700s firmware -

netapp h300e firmware -

netapp h500e firmware -

netapp h700e firmware -

netapp h410s firmware -

netapp solidfire baseboard management controller firmware -

oracle communications cloud native core binding support function 1.11.0

oracle communications cloud native core network function cloud native environment 1.10.0

oracle communications cloud native core network repository function 1.15.0

oracle communications cloud native core network repository function 1.15.1

oracle communications cloud native core network slice selection function 1.8.0

oracle communications cloud native core service communication proxy 1.15.0

oracle mysql server

oracle peoplesoft enterprise peopletools 8.57

oracle peoplesoft enterprise peopletools 8.58

oracle peoplesoft enterprise peopletools 8.59

siemens sinec infrastructure network services

apple macos

oracle commerce guided search 11.3.2

oracle communications cloud native core binding support function 22.1.3

oracle communications cloud native core console 22.2.0

oracle communications cloud native core network repository function 22.1.2

oracle communications cloud native core network repository function 22.2.0

oracle communications cloud native core security edge protection proxy 22.1.1

splunk universal forwarder

splunk universal forwarder 9.1.0

Vendor Advisories

Synopsis: Moderate: rh-dotnet31-curl security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-dotnet31-curl is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rat ...
Synopsis: Important: Service Telemetry Framework 14 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Service Telemetry Framework 14 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which g ...
Synopsis: Moderate: curl security update. Type/Severity: Security Advisory: Moderate. Topic: An update for curl is now available for Red Hat Enterprise Linux 82 Extended Update Support. Red Hat Product Security has rated this u ...
Synopsis: Moderate: OpenShift Container Platform 4103 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4103 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of ...
Multiple security vulnerabilities have been discovered in cURL, an URL transfer library. These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack. For the stable distribution (bullseye), these problems have been fixed in version 7740-13+deb11u2. We ...
A flaw was found in curl. This flaw lies in the --ssl-reqd option or related settings in libcurl. Users specify this flag to upgrade to TLS when communicating with either IMAP, POP3 or a FTP server. An attacker controlling such servers could return a crafted response which could lead to curl client continue its operation without TLS encryption lead ...
A flaw was found in libcurl. When sending data to an MQTT server could in some situations lead to libcurl using already freed memory and then try to free it again. The highest threat from this vulnerability is to data confidentiality as well as system availability (CVE-2021-22945). A flaw was found in curl. This flaw lies in the --ssl-reqd option o ...
A STARTTLS protocol injection flaw via man-in-the-middle was found in curl before 7790. When curl connects to an IMAP, POP3, SMTP or FTP server to exchange data securely using STARTTLS to upgrade the connection to TLS level, the server can still respond and send back multiple responses before the TLS upgrade. Such multiple "pipelined" responses a ...
About Apple security updates. For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference vulnerabilities by CVE-ID ...

Mailing Lists

STARTTLS protocol injection via MITM
====================================

Project curl Security Advisory, September 15th 2021 - [Permalink](https://curl.se/docs/CVE-2021-22947.html)

VULNERABILITY
-------------

When curl connects to an IMAP, POP3, SMTP or FTP server to exchange data securely using STARTTLS to upgrade the connection to TLS level, ...

Github Repositories

Bug-Bounty-n00b ( Yet to organize! Will Update Soon ) That tweet is only intended for Beginners/Freshers in bug bounty hunting who just started learning about this or want to start! If you are already doing hunting or doing labs then Maybe this won't be too much helpful to you Thanks! It all depends on interest and hard work, not on degree, age, branch, college, etc Wha

bug-bounty-noob ( Yet to organize! Will Update Soon ) That tweet is only intended for Beginners/Freshers in bug bounty hunting who just started learning about this or want to start! If you are already doing hunting or doing labs then Maybe this won't be too much helpful to you Thanks! It all depends on interest and hard work, not on degree, age, branch, college, etc Wha

Recent Articles

Microsoft starts 2022 with big bundle fixes for 96 security bugs in its software
The Register • Thomas Claburn in San Francisco • 12 Jan 2022

Nothing is certain except death, taxes, and programming errors

Patch Tuesday The new year brings the same old chore of shoring up Microsoft software. For its first Patch Tuesday of 2022, Redmond has bestowed 96 new CVEs affecting its Windows products. If you include 24 Chromium CVEs published earlier this month and now addressed in Microsoft's Edge browser, in addition to two CVEs in open source projects (Curl and Libarchive), you get 122 fixes that need to be applied. Affected systems include: Windows and associated components, Edge, Exchange Server, Offic...