First published: Fri Sep 10 2021(Updated: )
curl. Multiple issues were addressed by updating to curl version 7.79.1.
Credit: CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 support@hackerone.com support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/rh-dotnet31-curl | <0:7.61.1-22.el7_9 | 0:7.61.1-22.el7_9 |
redhat/curl | <0:7.61.1-18.el8_4.2 | 0:7.61.1-18.el8_4.2 |
redhat/curl | <0:7.61.1-12.el8_2.4 | 0:7.61.1-12.el8_2.4 |
debian/curl | <=7.64.0-4+deb10u2 | 7.64.0-4+deb10u7 7.74.0-1.3+deb11u9 7.74.0-1.3+deb11u10 7.88.1-10+deb12u3 7.88.1-10+deb12u4 8.4.0-2 |
redhat/curl | <7.79.0 | 7.79.0 |
macOS | <12.3 | 12.3 |
Curl | >=7.20.0<7.79.0 | |
Red Hat Fedora | =33 | |
Red Hat Fedora | =35 | |
Debian Linux | =9.0 | |
Debian Linux | =10.0 | |
Debian Linux | =11.0 | |
NetApp Cloud Backup | ||
IBM Data ONTAP | ||
All of | ||
NetApp H300S Firmware | ||
NetApp H300S Firmware | ||
All of | ||
NetApp H500e Firmware | ||
NetApp H500e Firmware | ||
All of | ||
NetApp H700S | ||
NetApp H700S | ||
All of | ||
NetApp H300E | ||
NetApp H300E Firmware | ||
All of | ||
NetApp H500S Firmware | ||
NetApp H500e Firmware | ||
All of | ||
NetApp H700E | ||
NetApp H700E | ||
All of | ||
NetApp H410S | ||
NetApp H410S Firmware | ||
All of | ||
NetApp SolidFire Baseboard Management Controller Firmware | ||
NetApp SolidFire | ||
Oracle Communications Cloud Native Core Binding Support Function | =1.11.0 | |
Oracle Communications Cloud Native Core Network Function Cloud Native Environment | =1.10.0 | |
Oracle Communications Cloud Native Core Network Repository Function | =1.15.0 | |
Oracle Communications Cloud Native Core Network Repository Function | =1.15.1 | |
Oracle Communications Cloud Native Core Network Slice Selection Function | =1.8.0 | |
Oracle Communications Cloud Native Core Service Communication Proxy | =1.15.0 | |
MySQL | >=5.7.0<=5.7.35 | |
MySQL | >=8.0.0<=8.0.26 | |
Oracle PeopleTools | =8.57 | |
Oracle PeopleTools | =8.58 | |
Oracle PeopleTools | =8.59 | |
Siemens SINEC Infrastructure Network Services | <1.0.1.1 | |
macOS | <12.3 | |
Oracle Commerce | =11.3.2 | |
Oracle Communications Cloud Native Core Binding Support Function | =22.1.3 | |
Oracle Communications Cloud Native Core Console | =22.2.0 | |
Oracle Communications Cloud Native Core Network Repository Function | =22.1.2 | |
Oracle Communications Cloud Native Core Network Repository Function | =22.2.0 | |
Oracle Communications Cloud Native Core Network Repository Function | =22.1.1 | |
Splunk Universal Forwarder | >=8.2.0<8.2.12 | |
Splunk Universal Forwarder | >=9.0.0<9.0.6 | |
Splunk Universal Forwarder | =9.1.0 | |
NetApp H300S Firmware | ||
NetApp H300S Firmware | ||
NetApp H500e Firmware | ||
NetApp H500e Firmware | ||
NetApp H700S | ||
NetApp H700S | ||
NetApp H300E | ||
NetApp H300E Firmware | ||
NetApp H500S Firmware | ||
NetApp H500e Firmware | ||
NetApp H700E | ||
NetApp H700E | ||
NetApp H410S | ||
NetApp H410S Firmware | ||
NetApp SolidFire Baseboard Management Controller Firmware | ||
NetApp SolidFire |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2021-22947 is a vulnerability in the curl software library that allows a server to send multiple responses at once, leading to potential security issues.
The severity of CVE-2021-22947 is medium, with a CVSS score of 6.1.
CVE-2021-22947 affects curl versions 7.20.0 to 7.78.0 when using STARTTLS to upgrade to TLS security for IMAP or POP3 connections.
To fix CVE-2021-22947, update to curl version 7.79.1 or higher.
You can find more information about CVE-2021-22947 at the following references: [link1], [link2], [link3].