CVE-2021-22945

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

References

https://hackerone.com/reports/1269242

https://lists.fedoraproject.org/archives/list/[email protected]/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/

https://www.oracle.com/security-alerts/cpuoct2021.html

https://security.netapp.com/advisory/ntap-20211029-0003/

https://lists.fedoraproject.org/archives/list/[email protected]/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/

Details

Source: MITRE

Published: 2021-09-23

Updated: 2021-11-28

Type: CWE-415

Risk Information

CVSS v2

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 9.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Impact Score: 5.2

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:* versions from 7.73.0 to 7.78.0 (inclusive)

Configuration 2

OR

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions from 5.7.0 to 5.7.35 (inclusive)

cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions from 8.0.0 to 8.0.26 (inclusive)

Configuration 5

AND

OR

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 6

AND

OR

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 7

AND

OR

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 8

AND

OR

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 9

AND

OR

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 10

AND

OR

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 11

AND

OR

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 12

AND

OR

cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Tenable Plugins

View all (8 total)

IDNameProductFamilySeverity
155980Amazon Linux 2 : curl (ALAS-2021-1724)NessusAmazon Linux Local Security Checks
critical
153812FreeBSD : cURL -- Multiple vulnerabilities (c9221ec9-17a2-11ec-b335-d4c9ef517024)NessusFreeBSD Local Security Checks
critical
153505Photon OS 2.0: Curl PHSA-2021-2.0-0392NessusPhotonOS Local Security Checks
critical
153503Photon OS 1.0: Curl PHSA-2021-1.0-0434NessusPhotonOS Local Security Checks
critical
153500Photon OS 3.0: Curl PHSA-2021-3.0-0301NessusPhotonOS Local Security Checks
critical
153494Photon OS 4.0: Curl PHSA-2021-4.0-0102NessusPhotonOS Local Security Checks
critical
153430Slackware Linux 14.0 / 14.1 / 14.2 / current curl Multiple Vulnerabilities (SSA:2021-258-01)NessusSlackware Local Security Checks
critical
153407Ubuntu 18.04 LTS / 20.04 LTS / 21.04 : curl vulnerabilities (USN-5079-1)NessusUbuntu Local Security Checks
critical