Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-22947

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.

Published

2021-09-29T20:15:08.253

Last Modified

2024-11-21T05:50:59.810

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-310
Type: Primary
CWE-345

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	haxx	curl	< 7.79.0	Yes
Operating System	fedoraproject	fedora	33	Yes
Operating System	fedoraproject	fedora	35	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	debian	debian_linux	11.0	Yes
Application	netapp	cloud_backup	-	Yes
Application	netapp	clustered_data_ontap	-	Yes
Operating System	netapp	h300s_firmware	-	Yes
Hardware	netapp	h300s	-	No
Operating System	netapp	h500s_firmware	-	Yes
Hardware	netapp	h500s	-	No
Operating System	netapp	h700s_firmware	-	Yes
Hardware	netapp	h700s	-	No
Operating System	netapp	h300e_firmware	-	Yes
Hardware	netapp	h300e	-	No
Operating System	netapp	h500e_firmware	-	Yes
Hardware	netapp	h500e	-	No
Operating System	netapp	h700e_firmware	-	Yes
Hardware	netapp	h700e	-	No
Operating System	netapp	h410s_firmware	-	Yes
Hardware	netapp	h410s	-	No
Operating System	netapp	solidfire_baseboard_management_controller_firmware	-	Yes
Hardware	netapp	solidfire_baseboard_management_controller	-	No
Application	oracle	communications_cloud_native_core_binding_support_function	1.11.0	Yes
Application	oracle	communications_cloud_native_core_network_function_cloud_native_environment	1.10.0	Yes
Application	oracle	communications_cloud_native_core_network_repository_function	1.15.0	Yes
Application	oracle	communications_cloud_native_core_network_repository_function	1.15.1	Yes
Application	oracle	communications_cloud_native_core_network_slice_selection_function	1.8.0	Yes
Application	oracle	communications_cloud_native_core_service_communication_proxy	1.15.0	Yes
Application	oracle	mysql_server	≤ 5.7.35	Yes
Application	oracle	mysql_server	≤ 8.0.26	Yes
Application	oracle	peoplesoft_enterprise_peopletools	8.57	Yes
Application	oracle	peoplesoft_enterprise_peopletools	8.58	Yes
Application	oracle	peoplesoft_enterprise_peopletools	8.59	Yes
Application	siemens	sinec_infrastructure_network_services	< 1.0.1.1	Yes
Operating System	apple	macos	< 12.3	Yes
Application	oracle	commerce_guided_search	11.3.2	Yes
Application	oracle	communications_cloud_native_core_binding_support_function	22.1.3	Yes
Application	oracle	communications_cloud_native_core_console	22.2.0	Yes
Application	oracle	communications_cloud_native_core_network_repository_function	22.1.2	Yes
Application	oracle	communications_cloud_native_core_network_repository_function	22.2.0	Yes
Application	oracle	communications_cloud_native_core_security_edge_protection_proxy	22.1.1	Yes
Application	splunk	universal_forwarder	< 8.2.12	Yes
Application	splunk	universal_forwarder	< 9.0.6	Yes
Application	splunk	universal_forwarder	9.1.0	Yes

References

http://seclists.org/fulldisclosure/2022/Mar/29 Mailing List, Third Party Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Patch, Third Party Advisory ([email protected])
https://hackerone.com/reports/1334763 Exploit, Issue Tracking, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/ Mailing List, Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/202212-01 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20211029-0003/ Third Party Advisory ([email protected])
https://support.apple.com/kb/HT213183 Release Notes, Third Party Advisory ([email protected])
https://www.debian.org/security/2022/dsa-5197 Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujan2022.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujul2022.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuoct2021.html Patch, Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2022/Mar/29 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1334763 Exploit, Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202212-01 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20211029-0003/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT213183 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5197 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2021.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)