CVE-2021-22924: Input Validation
First published: Mon Jul 12 2021(Updated: )
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.
Credit: support@hackerone.com support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/rh-dotnet31-curl | <0:7.61.1-22.el7_9 | 0:7.61.1-22.el7_9 |
| redhat/curl | <0:7.61.1-18.el8_4.1 | 0:7.61.1-18.el8_4.1 |
| debian/curl | <=7.64.0-4+deb10u2 | 7.64.0-4+deb10u7 7.74.0-1.3+deb11u9 7.74.0-1.3+deb11u10 7.88.1-10+deb12u3 7.88.1-10+deb12u4 8.4.0-2 |
| redhat/curl | <7.78.0 | 7.78.0 |
| Haxx Libcurl | >=7.10.4<7.77.0 | |
| Fedoraproject Fedora | =33 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Netapp Cloud Backup | ||
| NetApp Clustered Data ONTAP | ||
| Netapp Solidfire \& Hci Management Node | ||
| Netapp Solidfire Baseboard Management Controller Firmware | ||
| Oracle Mysql Server | >=5.7.0<=5.7.36 | |
| Oracle Mysql Server | >=8.0.0<=8.0.26 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.57 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.59 | |
| Siemens Sinec Infrastructure Network Services | <1.0.1.1 | |
| Siemens SINEMA Remote Connect Server | <3.1 | |
| Siemens Logo\! Cmr2040 Firmware | ||
| Siemens Logo\! Cmr2040 | ||
| Siemens Logo\! Cmr2020 Firmware | ||
| Siemens Logo\! Cmr2020 | ||
| Siemens Ruggedcomrm 1224 Lte Firmware | <7.1 | |
| Siemens Ruggedcomrm 1224 Lte | ||
| Siemens Scalance M804pb Firmware | <7.1 | |
| Siemens Scalance M804pb | ||
| Siemens Scalance M812-1 Firmware | <7.1 | |
| Siemens Scalance M812-1 | ||
| Siemens Scalance M816-1 Firmware | <7.1 | |
| Siemens Scalance M816-1 | ||
| Siemens Scalance M826-2 Firmware | <7.1 | |
| Siemens Scalance M826-2 | ||
| Siemens Scalance M874-2 Firmware | <7.1 | |
| Siemens Scalance M874-2 | ||
| Siemens Scalance M874-3 Firmware | <7.1 | |
| Siemens Scalance M874-3 | ||
| Siemens Scalance M876-3 Firmware | <7.1 | |
| Siemens Scalance M876-3 | ||
| Siemens Scalance M876-4 Firmware | <7.1 | |
| Siemens Scalance M876-4 | ||
| Siemens Scalance Mum856-1 Firmware | <7.1 | |
| Siemens Scalance Mum856-1 | ||
| Siemens Scalance S615 Firmware | <7.1 | |
| Siemens SCALANCE S615 | ||
| Siemens Simatic Cp 1543-1 Firmware | <3.0.22 | |
| Siemens Simatic Cp 1543-1 | ||
| Siemens Simatic Cp 1545-1 Firmware | <1.1 | |
| Siemens SIMATIC CP 1545-1 | ||
| Siemens Simatic Rtu3010c Firmware | <5.0.14 | |
| Siemens Simatic Rtu3010c | ||
| Siemens Simatic Rtu3030c Firmware | <5.0.14 | |
| Siemens Simatic Rtu3030c | ||
| Siemens Simatic Rtu3031c Firmware | <5.0.14 | |
| Siemens Simatic Rtu3031c | ||
| Siemens Simatic Rtu 3041c Firmware | <5.0.14 | |
| Siemens Simatic Rtu 3041c | ||
| Siemens Sinema Remote Connect | <3.1 | |
| Siemens Siplus Net Cp 1543-1 Firmware | <3.0.22 | |
| Siemens Siplus Net Cp 1543-1 | ||
| All of | ||
| Siemens Logo\! Cmr2040 Firmware | ||
| Siemens Logo\! Cmr2040 | ||
| All of | ||
| Siemens Logo\! Cmr2020 Firmware | ||
| Siemens Logo\! Cmr2020 | ||
| All of | ||
| Siemens Ruggedcomrm 1224 Lte Firmware | <7.1 | |
| Siemens Ruggedcomrm 1224 Lte | ||
| All of | ||
| Siemens Scalance M804pb Firmware | <7.1 | |
| Siemens Scalance M804pb | ||
| All of | ||
| Siemens Scalance M812-1 Firmware | <7.1 | |
| Siemens Scalance M812-1 | ||
| All of | ||
| Siemens Scalance M816-1 Firmware | <7.1 | |
| Siemens Scalance M816-1 | ||
| All of | ||
| Siemens Scalance M826-2 Firmware | <7.1 | |
| Siemens Scalance M826-2 | ||
| All of | ||
| Siemens Scalance M874-2 Firmware | <7.1 | |
| Siemens Scalance M874-2 | ||
| All of | ||
| Siemens Scalance M874-3 Firmware | <7.1 | |
| Siemens Scalance M874-3 | ||
| All of | ||
| Siemens Scalance M876-3 Firmware | <7.1 | |
| Siemens Scalance M876-3 | ||
| All of | ||
| Siemens Scalance M876-4 Firmware | <7.1 | |
| Siemens Scalance M876-4 | ||
| All of | ||
| Siemens Scalance Mum856-1 Firmware | <7.1 | |
| Siemens Scalance Mum856-1 | ||
| All of | ||
| Siemens Scalance S615 Firmware | <7.1 | |
| Siemens SCALANCE S615 | ||
| All of | ||
| Siemens Simatic Cp 1543-1 Firmware | <3.0.22 | |
| Siemens Simatic Cp 1543-1 | ||
| All of | ||
| Siemens Simatic Cp 1545-1 Firmware | <1.1 | |
| Siemens SIMATIC CP 1545-1 | ||
| All of | ||
| Siemens Simatic Rtu3010c Firmware | <5.0.14 | |
| Siemens Simatic Rtu3010c | ||
| All of | ||
| Siemens Simatic Rtu3030c Firmware | <5.0.14 | |
| Siemens Simatic Rtu3030c | ||
| All of | ||
| Siemens Simatic Rtu3031c Firmware | <5.0.14 | |
| Siemens Simatic Rtu3031c | ||
| All of | ||
| Siemens Simatic Rtu 3041c Firmware | <5.0.14 | |
| Siemens Simatic Rtu 3041c | ||
| All of | ||
| Siemens Siplus Net Cp 1543-1 Firmware | <3.0.22 | |
| Siemens Siplus Net Cp 1543-1 | ||
| Splunk Universal Forwarder | >=8.2.0<8.2.12 | |
| Splunk Universal Forwarder | >=9.0.0<9.0.6 | |
| Splunk Universal Forwarder | =9.1.0 |
Remedy
This flaw can be mitigated by upgrading the affected curl utility to version 7.78.0
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2021-22924 https://nvd.nist.gov/vuln/detail/CVE-2021-22924 https://curl.se/docs/CVE-2021-22924.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1981460
- https://access.redhat.com/errata/RHSA-2022:1354
- https://access.redhat.com/errata/RHSA-2021:3582
- https://access.redhat.com/security/cve/cve-2021-22924
- https://security-tracker.debian.org/tracker/CVE-2021-22924
- https://curl.se/docs/CVE-2021-22924.html
- https://github.com/curl/curl/commit/5ea3145850ebff1dc2b13d17440300a01ca38161
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924
- https://security-tracker.debian.org/tracker/CVE-2021-22898
- https://github.com/curl/curl/issues/7216
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991492
- https://github.com/curl/curl/commit/89721ff04af70f527baae1368f3b992777bf6526
- https://www.openwall.com/lists/oss-security/2021/07/21/3
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1984327
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf
- https://hackerone.com/reports/1223565
- https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
- https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
- https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
- https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
- https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
- https://security.netapp.com/advisory/ntap-20210902-0003/
- https://www.debian.org/security/2022/dsa-5197
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E
- https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E
- https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E
- https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
- collector/redhat-cve
- collector/debian-bugs
- alias/CVE-2021-22924
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- agent/event
- agent/last-modified-date
- agent/author
- agent/references
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- package-manager/redhat
- package-manager/debian
- vendor/haxx
- canonical/haxx libcurl
- version/haxx libcurl/7.10.4
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp clustered data ontap
- canonical/netapp solidfire \& hci management node
- canonical/netapp solidfire baseboard management controller firmware
- vendor/oracle
- canonical/oracle mysql server
- version/oracle mysql server/5.7.0
- version/oracle mysql server/5.7.36
- version/oracle mysql server/8.0.0
- version/oracle mysql server/8.0.26
- canonical/oracle peoplesoft enterprise peopletools
- version/oracle peoplesoft enterprise peopletools/8.57
- version/oracle peoplesoft enterprise peopletools/8.58
- version/oracle peoplesoft enterprise peopletools/8.59
- vendor/siemens
- canonical/siemens sinec infrastructure network services
- canonical/siemens sinema remote connect server
- canonical/siemens logo\! cmr2040 firmware
- canonical/siemens logo\! cmr2040
- canonical/siemens logo\! cmr2020 firmware
- canonical/siemens logo\! cmr2020
- canonical/siemens ruggedcomrm 1224 lte firmware
- canonical/siemens ruggedcomrm 1224 lte
- canonical/siemens scalance m804pb firmware
- canonical/siemens scalance m804pb
- canonical/siemens scalance m812-1 firmware
- canonical/siemens scalance m812-1
- canonical/siemens scalance m816-1 firmware
- canonical/siemens scalance m816-1
- canonical/siemens scalance m826-2 firmware
- canonical/siemens scalance m826-2
- canonical/siemens scalance m874-2 firmware
- canonical/siemens scalance m874-2
- canonical/siemens scalance m874-3 firmware
- canonical/siemens scalance m874-3
- canonical/siemens scalance m876-3 firmware
- canonical/siemens scalance m876-3
- canonical/siemens scalance m876-4 firmware
- canonical/siemens scalance m876-4
- canonical/siemens scalance mum856-1 firmware
- canonical/siemens scalance mum856-1
- canonical/siemens scalance s615 firmware
- canonical/siemens scalance s615
- canonical/siemens simatic cp 1543-1 firmware
- canonical/siemens simatic cp 1543-1
- canonical/siemens simatic cp 1545-1 firmware
- canonical/siemens simatic cp 1545-1
- canonical/siemens simatic rtu3010c firmware
- canonical/siemens simatic rtu3010c
- canonical/siemens simatic rtu3030c firmware
- canonical/siemens simatic rtu3030c
- canonical/siemens simatic rtu3031c firmware
- canonical/siemens simatic rtu3031c
- canonical/siemens simatic rtu 3041c firmware
- canonical/siemens simatic rtu 3041c
- canonical/siemens sinema remote connect
- canonical/siemens siplus net cp 1543-1 firmware
- canonical/siemens siplus net cp 1543-1
- vendor/splunk
- canonical/splunk universal forwarder
- version/splunk universal forwarder/8.2.0
- version/splunk universal forwarder/9.0.0
- version/splunk universal forwarder/9.1.0