CVE-2021-22947

medium
Description

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses, and would instead continue using and trusting the responses it got *before* the TLS handshake as if they were authenticated. This flaw allows a Man-In-The-Middle attacker to first inject the fake responses, then pass through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.
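
The response-cache behaviour described above, as an added simulation that is not curl's code and not part of the original advisory: one line cache is shared across the plaintext and TLS phases, and a strict mode refuses to continue when bytes are queued behind the STARTTLS reply. All names and the POP3 sample traffic are constructed for illustration.

```python
class PipeliningRejected(Exception):
    """Plaintext bytes were queued behind the STARTTLS reply."""


class ResponseQueue:
    """One line cache used for the whole connection, before and after TLS."""

    def __init__(self):
        self.pending = b""

    def feed(self, data):
        self.pending += data

    def next_line(self):
        line, sep, rest = self.pending.partition(b"\r\n")
        if not sep:
            return None          # no complete line cached yet
        self.pending = rest
        return line.decode("ascii")


def first_reply_after_tls(plaintext_segment, tls_payload, strict):
    """Return the reply the client treats as the first TLS-protected one."""
    queue = ResponseQueue()
    queue.feed(plaintext_segment)            # read from the socket before TLS
    reply = queue.next_line()
    if reply is None or not reply.startswith("+OK"):
        raise ConnectionError("server refused STLS")
    if strict and queue.pending:
        # Anything cached here was never authenticated: stop, don't consume it.
        raise PipeliningRejected(queue.pending)
    # TLS handshake would happen here; tls_payload stands for decrypted data.
    queue.feed(tls_payload)
    return queue.next_line()


# Constructed sample traffic (not captured from a real server).
CLEAN = b"+OK Begin TLS\r\n"
TAMPERED = b"+OK Begin TLS\r\n+OK 1 messages (injected)\r\n"
GENUINE_TLS = b"+OK 0 messages\r\n"

if __name__ == "__main__":
    print(first_reply_after_tls(TAMPERED, GENUINE_TLS, strict=False))
    print(first_reply_after_tls(CLEAN, GENUINE_TLS, strict=True))
```

With `strict=False` the reply accepted after the handshake is the one that arrived in plaintext; with `strict=True` the same input aborts the session, while a clean STARTTLS reply proceeds normally.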

References

https://hackerone.com/reports/1334763

https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/

https://www.oracle.com/security-alerts/cpuoct2021.html

https://security.netapp.com/advisory/ntap-20211029-0003/

https://lists.fedoraproject.org/archives/list/[email protected]/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/

Details

Source: MITRE

Published: 2021-09-29

Updated: 2021-11-28

Type: CWE-345

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.9

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 156622 | KB5009566: Windows 11 Security Updates (January 2022) | Nessus | Windows : Microsoft Bulletins | critical |
| 156621 | KB5009557: Windows 10 Version 1809 and Windows Server 2019 Security Update (January 2022) | Nessus | Windows : Microsoft Bulletins | critical |
| 156620 | KB5009555: Windows Server 2022 Security Updates (January 2022) | Nessus | Windows : Microsoft Bulletins | critical |
| 156618 | KB5009545: Windows 10 Version 1607 and Windows Server 2016 Security Update (January 2022) | Nessus | Windows : Microsoft Bulletins | critical |
| 156617 | KB5009543: Windows 10 Version 20H2 / Windows 10 Version 21H1 / Windows 10 Version 21H2 Security Update (January 2022) | Nessus | Windows : Microsoft Bulletins | critical |
| 156306 | EulerOS 2.0 SP8 : curl (EulerOS-SA-2021-2798) | Nessus | Huawei Local Security Checks | high |
| 155980 | Amazon Linux 2 : curl (ALAS-2021-1724) | Nessus | Amazon Linux Local Security Checks | critical |
| 155372 | Amazon Linux AMI : curl (ALAS-2021-1549) | Nessus | Amazon Linux Local Security Checks | high |
| 154874 | CentOS 8 : curl (CESA-2021:4059) | Nessus | CentOS Local Security Checks | high |
| 154850 | Oracle Linux 8 : curl (ELSA-2021-4059) | Nessus | Oracle Linux Local Security Checks | high |
| 154843 | RHEL 8 : curl (RHSA-2021:4059) | Nessus | Red Hat Local Security Checks | high |
| 154207 | openSUSE 15 Security Update : curl (openSUSE-SU-2021:1384-1) | Nessus | SuSE Local Security Checks | high |
| 154052 | SUSE SLES12 Security Update : curl (SUSE-SU-2021:3351-1) | Nessus | SuSE Local Security Checks | high |
| 153999 | SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2021:3332-1) | Nessus | SuSE Local Security Checks | high |
| 153921 | SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2021:3298-1) | Nessus | SuSE Local Security Checks | critical |
| 153916 | SUSE SLES15 Security Update : curl (SUSE-SU-2021:3297-1) | Nessus | SuSE Local Security Checks | critical |
| 153901 | openSUSE 15 Security Update : curl (openSUSE-SU-2021:3298-1) | Nessus | SuSE Local Security Checks | critical |
| 153845 | Debian DLA-2773-1 : curl - LTS security update | Nessus | Debian Local Security Checks | critical |
| 153812 | FreeBSD : cURL -- Multiple vulnerabilities (c9221ec9-17a2-11ec-b335-d4c9ef517024) | Nessus | FreeBSD Local Security Checks | critical |
| 153626 | SUSE SLES11 Security Update : curl (SUSE-SU-2021:14807-1) | Nessus | SuSE Local Security Checks | critical |
| 153505 | Photon OS 2.0: Curl PHSA-2021-2.0-0392 | Nessus | PhotonOS Local Security Checks | critical |
| 153503 | Photon OS 1.0: Curl PHSA-2021-1.0-0434 | Nessus | PhotonOS Local Security Checks | critical |
| 153500 | Photon OS 3.0: Curl PHSA-2021-3.0-0301 | Nessus | PhotonOS Local Security Checks | critical |
| 153494 | Photon OS 4.0: Curl PHSA-2021-4.0-0102 | Nessus | PhotonOS Local Security Checks | critical |
| 153430 | Slackware Linux 14.0 / 14.1 / 14.2 / current curl Multiple Vulnerabilities (SSA:2021-258-01) | Nessus | Slackware Local Security Checks | critical |
| 153407 | Ubuntu 18.04 LTS / 20.04 LTS / 21.04 : curl vulnerabilities (USN-5079-1) | Nessus | Ubuntu Local Security Checks | critical |
| 153406 | Ubuntu 16.04 LTS : curl vulnerabilities (USN-5079-2) | Nessus | Ubuntu Local Security Checks | high |