First published: Fri Sep 10 2021(Updated: )
curl. Multiple issues were addressed by updating to curl version 7.79.1.
Credit: CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 support@hackerone.com support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/rh-dotnet31-curl | <0:7.61.1-22.el7_9 | 0:7.61.1-22.el7_9 |
redhat/curl | <0:7.61.1-18.el8_4.2 | 0:7.61.1-18.el8_4.2 |
redhat/curl | <0:7.61.1-12.el8_2.4 | 0:7.61.1-12.el8_2.4 |
debian/curl | <=7.64.0-4+deb10u2 | 7.64.0-4+deb10u7 7.74.0-1.3+deb11u9 7.74.0-1.3+deb11u10 7.88.1-10+deb12u3 7.88.1-10+deb12u4 8.4.0-2 |
Apple macOS Monterey | <12.3 | 12.3 |
redhat/curl | <7.79.0 | 7.79.0 |
Haxx Curl | >=7.20.0<7.79.0 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =35 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Netapp Cloud Backup | ||
NetApp Clustered Data ONTAP | ||
Netapp H300s Firmware | ||
Netapp H300s | ||
Netapp H500s Firmware | ||
Netapp H500s | ||
Netapp H700s Firmware | ||
Netapp H700s | ||
Netapp H300e Firmware | ||
Netapp H300e | ||
Netapp H500e Firmware | ||
Netapp H500e | ||
Netapp H700e Firmware | ||
Netapp H700e | ||
Netapp H410s Firmware | ||
Netapp H410s | ||
Netapp Solidfire Baseboard Management Controller Firmware | ||
Netapp Solidfire Baseboard Management Controller | ||
Oracle Communications Cloud Native Core Binding Support Function | =1.11.0 | |
Oracle Communications Cloud Native Core Network Function Cloud Native Environment | =1.10.0 | |
Oracle Communications Cloud Native Core Network Repository Function | =1.15.0 | |
Oracle Communications Cloud Native Core Network Repository Function | =1.15.1 | |
Oracle Communications Cloud Native Core Network Slice Selection Function | =1.8.0 | |
Oracle Communications Cloud Native Core Service Communication Proxy | =1.15.0 | |
Oracle Mysql Server | >=5.7.0<=5.7.35 | |
Oracle Mysql Server | >=8.0.0<=8.0.26 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.57 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.59 | |
Siemens Sinec Infrastructure Network Services | <1.0.1.1 | |
Apple macOS | <12.3 | |
Oracle Commerce Guided Search | =11.3.2 | |
Oracle Communications Cloud Native Core Binding Support Function | =22.1.3 | |
Oracle Communications Cloud Native Core Console | =22.2.0 | |
Oracle Communications Cloud Native Core Network Repository Function | =22.1.2 | |
Oracle Communications Cloud Native Core Network Repository Function | =22.2.0 | |
Oracle Communications Cloud Native Core Security Edge Protection Proxy | =22.1.1 | |
All of | ||
Netapp H300s Firmware | ||
Netapp H300s | ||
All of | ||
Netapp H500s Firmware | ||
Netapp H500s | ||
All of | ||
Netapp H700s Firmware | ||
Netapp H700s | ||
All of | ||
Netapp H300e Firmware | ||
Netapp H300e | ||
All of | ||
Netapp H500e Firmware | ||
Netapp H500e | ||
All of | ||
Netapp H700e Firmware | ||
Netapp H700e | ||
All of | ||
Netapp H410s Firmware | ||
Netapp H410s | ||
All of | ||
Netapp Solidfire Baseboard Management Controller Firmware | ||
Netapp Solidfire Baseboard Management Controller | ||
Splunk Universal Forwarder | >=8.2.0<8.2.12 | |
Splunk Universal Forwarder | >=9.0.0<9.0.6 | |
Splunk Universal Forwarder | =9.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2021-22947 is a vulnerability in the curl software library that allows a server to send multiple responses at once, leading to potential security issues.
The severity of CVE-2021-22947 is medium, with a CVSS score of 6.1.
CVE-2021-22947 affects curl versions 7.20.0 to 7.78.0 when using STARTTLS to upgrade to TLS security for IMAP or POP3 connections.
To fix CVE-2021-22947, update to curl version 7.79.1 or higher.
You can find more information about CVE-2021-22947 at the following references: [link1], [link2], [link3].