Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.9
CVSSv3

CVE-2021-22947

Published: 29/09/2021 Updated: 27/03/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Haxx

Vulnerability Summary

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle malicious user to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

haxx curl

fedoraproject fedora 33

fedoraproject fedora 35

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

netapp cloud backup -

netapp clustered data ontap -

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h300e_firmware -

netapp h500e_firmware -

netapp h700e_firmware -

netapp h410s_firmware -

netapp solidfire_baseboard_management_controller_firmware -

oracle peoplesoft enterprise peopletools 8.57

oracle peoplesoft enterprise peopletools 8.58

oracle peoplesoft enterprise peopletools 8.59

oracle mysql server

oracle communications cloud native core network slice selection function 1.8.0

oracle communications cloud native core network repository function 1.15.0

oracle communications cloud native core network function cloud native environment 1.10.0

oracle communications cloud native core service communication proxy 1.15.0

oracle communications cloud native core network repository function 1.15.1

oracle communications cloud native core binding support function 1.11.0

siemens sinec infrastructure network services

apple macos

oracle commerce guided search 11.3.2

oracle communications cloud native core binding support function 22.1.3

oracle communications cloud native core network repository function 22.2.0

oracle communications cloud native core security edge protection proxy 22.1.1

oracle communications cloud native core console 22.2.0

oracle communications cloud native core network repository function 22.1.2

splunk universal forwarder 9.1.0

splunk universal forwarder

Vendor Advisories

Red Hat: Moderate: curl security update
Synopsis Moderate: curl security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for curl is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product Security has rated this u ...
Red Hat: Moderate: rh-dotnet31-curl security update
Synopsis Moderate: rh-dotnet31-curl security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for rh-dotnet31-curl is now available for NET Core on Red Hat Enterprise LinuxRed Hat Product Security has rat ...
Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update
Synopsis Moderate: OpenShift Container Platform 4103 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4103 is now available withupdates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...
Red Hat: Important: Service Telemetry Framework 1.4 security update
Synopsis Important: Service Telemetry Framework 14 security update Type/Severity Security Advisory: Important Topic An update is now available for Service Telemetry Framework 14 for RHEL 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which g ...
Debian Security Advisories: DSA-5197-1 curl -- security update
Multiple security vulnerabilities have been discovered in cURL, an URL transfer library These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack For the stable distribution (bullseye), these problems have been fixed in version 7740-13+deb11u2 We ...
Amazon Linux AMI: ALAS-2021-1549
A flaw was found in curl This flaw lies in the --ssl-reqd option or related settings in libcurl Users specify this flag to upgrade to TLS when communicating with either IMAP, POP3 or a FTP server An attacker controlling such servers could return a crafted response which could lead to curl client continue its operation without TLS encryption lead ...
Amazon Linux 2: ALAS2-2021-1724
A flaw was found in libcurl When sending data to an MQTT server could in some situations lead to libcurl using already freed memory and then try to free it again The highest threat from this vulnerability is to data confidentiality as well as system availability (CVE-2021-22945) A flaw was found in curl This flaw lies in the --ssl-reqd option o ...
Arch Linux Issues:
A STARTTLS protocol injection flaw via man-in-the-middle was found in curl before 7790 When curl connects to an IMAP, POP3, SMTP or FTP server to exchange data securely using STARTTLS to upgrade the connection to TLS level, the server can still respond and send back multiple responses before the TLS upgrade Such multiple "pipelined" responses a ...
Apple: macOS Monterey 12.3
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the&nbsp;Apple security updates&nbsp;page Apple security documents reference vulnerabilities by&nbsp;CVE-ID&nbsp ...

ICS Advisories

Siemens SINEC INS
Critical Infrastructure Sectors: Energy
https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

Github Repositories

https://github.com/hetmehtaa/bug-bounty-noob

Bug-Bounty-n00b ( Yet to organize! Will Update Soon ) That tweet is only intended for Beginners/Freshers in bug bounty hunting who just started learning about this or want to start! If you are already doing hunting or doing labs then Maybe this won't be too much helpful to you Thanks! It all depends on interest and hard work, not on degree, age, branch, college, etc Wha

https://github.com/Mehedi-Babu/bug_bounty_begginer

bug-bounty-noob ( Yet to organize! Will Update Soon ) That tweet is only intended for Beginners/Freshers in bug bounty hunting who just started learning about this or want to start! If you are already doing hunting or doing labs then Maybe this won't be too much helpful to you Thanks! It all depends on interest and hard work, not on degree, age, branch, college, etc Wha

Recent Articles

Microsoft starts 2022 with big bundle fixes for 96 security bugs in its software
The Register • Thomas Claburn in San Francisco • 12 Jan 2022

Get our weekly newsletter Nothing is certain except death, taxes, and programming errors

Patch Tuesday The new year brings the same old chore of shoring up Microsoft software. For its first Patch Tuesday of 2022, Redmond has bestowed 96 new CVEs affecting its Windows products. If you include 24 Chromium CVEs published earlier this month and now addressed in Microsoft's Edge browser, in addition to two CVEs in open source projects (Curl and Libarchive), you get 122 fixes that need to be applied. Affected systems include: Windows and associated components, Edge, Exchange Server, Offic...

Read more...

References

CWE-345https://hackerone.com/reports/1334763https://lists.debian.org/debian-lts-announce/2021/09/msg00022.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://security.netapp.com/advisory/ntap-20211029-0003/https://www.oracle.com/security-alerts/cpujan2022.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfhttps://support.apple.com/kb/HT213183http://seclists.org/fulldisclosure/2022/Mar/29https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.debian.org/security/2022/dsa-5197https://lists.debian.org/debian-lts-announce/2022/08/msg00017.htmlhttps://security.gentoo.org/glsa/202212-01https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2022:0635https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09https://www.debian.org/security/2022/dsa-5197
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook