When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle malicious user to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
haxx curl |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 35 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |
||
netapp cloud backup - |
||
netapp clustered data ontap - |
||
netapp h300s firmware - |
||
netapp h500s firmware - |
||
netapp h700s firmware - |
||
netapp h300e firmware - |
||
netapp h500e firmware - |
||
netapp h700e firmware - |
||
netapp h410s firmware - |
||
netapp solidfire baseboard management controller firmware - |
||
oracle communications cloud native core binding support function 1.11.0 |
||
oracle communications cloud native core network function cloud native environment 1.10.0 |
||
oracle communications cloud native core network repository function 1.15.0 |
||
oracle communications cloud native core network repository function 1.15.1 |
||
oracle communications cloud native core network slice selection function 1.8.0 |
||
oracle communications cloud native core service communication proxy 1.15.0 |
||
oracle mysql server |
||
oracle peoplesoft enterprise peopletools 8.57 |
||
oracle peoplesoft enterprise peopletools 8.58 |
||
oracle peoplesoft enterprise peopletools 8.59 |
||
siemens sinec infrastructure network services |
||
apple macos |
||
oracle commerce guided search 11.3.2 |
||
oracle communications cloud native core binding support function 22.1.3 |
||
oracle communications cloud native core console 22.2.0 |
||
oracle communications cloud native core network repository function 22.1.2 |
||
oracle communications cloud native core network repository function 22.2.0 |
||
oracle communications cloud native core security edge protection proxy 22.1.1 |
||
splunk universal forwarder |
||
splunk universal forwarder 9.1.0 |
Get our weekly newsletter Nothing is certain except death, taxes, and programming errors
Patch Tuesday The new year brings the same old chore of shoring up Microsoft software. For its first Patch Tuesday of 2022, Redmond has bestowed 96 new CVEs affecting its Windows products. If you include 24 Chromium CVEs published earlier this month and now addressed in Microsoft's Edge browser, in addition to two CVEs in open source projects (Curl and Libarchive), you get 122 fixes that need to be applied. Affected systems include: Windows and associated components, Edge, Exchange Server, Offic...