CVE-2021-22897
First published: Fri Jun 11 2021(Updated: )
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
Credit: support@hackerone.com support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Haxx Curl | >=7.61.0<=7.76.1 | |
| Oracle Communications Cloud Native Core Binding Support Function | =1.11.0 | |
| Oracle Communications Cloud Native Core Network Function Cloud Native Environment | =1.10.0 | |
| Oracle Communications Cloud Native Core Network Repository Function | =1.15.0 | |
| Oracle Communications Cloud Native Core Network Repository Function | =1.15.1 | |
| Oracle Communications Cloud Native Core Network Slice Selection Function | =1.8.0 | |
| Oracle Communications Cloud Native Core Service Communication Proxy | =1.15.0 | |
| Oracle Essbase | <11.1.2.4.047 | |
| Oracle Essbase | >=21.0<21.3 | |
| Oracle Mysql Server | <=5.7.34 | |
| Oracle Mysql Server | >=8.0.0<=8.0.25 | |
| Netapp Cloud Backup | ||
| Netapp Solidfire\, Enterprise Sds \& Hci Storage Node | ||
| Netapp Solidfire \& Hci Management Node | ||
| Netapp Solidfire Baseboard Management Controller Firmware | ||
| Netapp Hci Compute Node Firmware | ||
| Netapp Hci Compute Node | ||
| Netapp H300e Firmware | ||
| Netapp H300e | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| Netapp H500e Firmware | ||
| Netapp H500e | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| Netapp H700e Firmware | ||
| Netapp H700e | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| Siemens Sinec Infrastructure Network Services | <1.0.1.1 | |
| All of | ||
| Netapp Hci Compute Node Firmware | ||
| Netapp Hci Compute Node | ||
| All of | ||
| Netapp H300e Firmware | ||
| Netapp H300e | ||
| All of | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| All of | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| All of | ||
| Netapp H500e Firmware | ||
| Netapp H500e | ||
| All of | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| All of | ||
| Netapp H700e Firmware | ||
| Netapp H700e | ||
| All of | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| Splunk Universal Forwarder | >=8.2.0<8.2.12 | |
| Splunk Universal Forwarder | >=9.0.0<9.0.6 | |
| Splunk Universal Forwarder | =9.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://curl.se/docs/CVE-2021-22897.html
- https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511
- https://hackerone.com/reports/1172857
- https://security.netapp.com/advisory/ntap-20210727-0007/
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-22897.
What is the severity level of CVE-2021-22897?
The severity level of CVE-2021-22897 is medium.
What is the affected software for CVE-2021-22897?
The affected software for CVE-2021-22897 includes Haxx Curl, Oracle Communications Cloud Native Core Binding Support Function, Oracle Communications Cloud Native Core Network Function Cloud Native Environment, Oracle Communications Cloud Native Core Network Repository Function, Oracle Communications Cloud Native Core Network Slice Selection Function, Oracle Communications Cloud Native Core Service Communication Proxy, Oracle Essbase, Oracle MySQL Server, Netapp Cloud Backup, Netapp Solidfire, Enterprise Sds & Hci Storage Node, Netapp Solidfire & Hci Management Node, Netapp Solidfire Baseboard Management Controller Firmware, Netapp HCI Compute Node Firmware, Netapp H300e Firmware, Netapp H300s Firmware, Netapp H410s Firmware, Netapp H500e Firmware, Netapp H500s Firmware, Netapp H700e Firmware, Netapp H700s Firmware, and Siemens Sinec Infrastructure Network Services.
How is the data element exposed to the wrong session in CVE-2021-22897?
The data element is exposed to the wrong session in CVE-2021-22897 due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library.
Where can I find more information about CVE-2021-22897?
You can find more information about CVE-2021-22897 in the references provided: [SSA-389290.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf), [CVE-2021-22897](https://curl.se/docs/CVE-2021-22897.html), [GitHub commit](https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511).
- agent/weakness
- agent/references
- agent/remedy
- agent/first-publish-date
- agent/type
- agent/severity
- agent/description
- agent/event
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/haxx
- canonical/haxx curl
- version/haxx curl/7.61.0
- version/haxx curl/7.76.1
- vendor/oracle
- canonical/oracle communications cloud native core binding support function
- version/oracle communications cloud native core binding support function/1.11.0
- canonical/oracle communications cloud native core network function cloud native environment
- version/oracle communications cloud native core network function cloud native environment/1.10.0
- canonical/oracle communications cloud native core network repository function
- version/oracle communications cloud native core network repository function/1.15.0
- version/oracle communications cloud native core network repository function/1.15.1
- canonical/oracle communications cloud native core network slice selection function
- version/oracle communications cloud native core network slice selection function/1.8.0
- canonical/oracle communications cloud native core service communication proxy
- version/oracle communications cloud native core service communication proxy/1.15.0
- canonical/oracle essbase
- version/oracle essbase/21.0
- canonical/oracle mysql server
- version/oracle mysql server/5.7.34
- version/oracle mysql server/8.0.0
- version/oracle mysql server/8.0.25
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp solidfire\, enterprise sds \& hci storage node
- canonical/netapp solidfire \& hci management node
- canonical/netapp solidfire baseboard management controller firmware
- canonical/netapp hci compute node firmware
- canonical/netapp hci compute node
- canonical/netapp h300e firmware
- canonical/netapp h300e
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h410s firmware
- canonical/netapp h410s
- canonical/netapp h500e firmware
- canonical/netapp h500e
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700e firmware
- canonical/netapp h700e
- canonical/netapp h700s firmware
- canonical/netapp h700s
- vendor/siemens
- canonical/siemens sinec infrastructure network services
- vendor/splunk
- canonical/splunk universal forwarder
- version/splunk universal forwarder/8.2.0
- version/splunk universal forwarder/9.0.0
- version/splunk universal forwarder/9.1.0