5.9

CVE-2021-22947

Exploit

EPSS 0.19%
Published 29.09.2021 20:15:08
Last modified 21.11.2024 05:50:59
Source support@hackerone.com
Teams watchlist Login
Open Login

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.

Affected products Warnungen 0 Metrics 3 CWE 1 References 18

Data is provided by the National Vulnerability Database (NVD)

Haxx ≫ Curl Version >= 7.20.0 < 7.79.0

Fedoraproject ≫ Fedora Version33

Fedoraproject ≫ Fedora Version35

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Netapp ≫ Cloud Backup Version-

Netapp ≫ Clustered Data Ontap Version-

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H300e Firmware Version-

Netapp ≫ H300e Version-

Netapp ≫ H500e Firmware Version-

Netapp ≫ H500e Version-

Netapp ≫ H700e Firmware Version-

Netapp ≫ H700e Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Netapp ≫ Solidfire Baseboard Management Controller Firmware Version-

Netapp ≫ Solidfire Baseboard Management Controller Version-

Oracle ≫ Communications Cloud Native Core Binding Support Function Version1.11.0

Oracle ≫ Communications Cloud Native Core Network Function Cloud Native Environment Version1.10.0

Oracle ≫ Communications Cloud Native Core Network Repository Function Version1.15.0

Oracle ≫ Communications Cloud Native Core Network Repository Function Version1.15.1

Oracle ≫ Communications Cloud Native Core Network Slice Selection Function Version1.8.0

Oracle ≫ Communications Cloud Native Core Service Communication Proxy Version1.15.0

Oracle ≫ Mysql Server Version >= 5.7.0 <= 5.7.35

Oracle ≫ Mysql Server Version >= 8.0.0 <= 8.0.26

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.57

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.59

Siemens ≫ Sinec Infrastructure Network Services Version < 1.0.1.1

Apple ≫ macOS Version < 12.3

Oracle ≫ Commerce Guided Search Version11.3.2

Oracle ≫ Communications Cloud Native Core Binding Support Function Version22.1.3

Oracle ≫ Communications Cloud Native Core Console Version22.2.0

Oracle ≫ Communications Cloud Native Core Network Repository Function Version22.1.2

Oracle ≫ Communications Cloud Native Core Network Repository Function Version22.2.0

Oracle ≫ Communications Cloud Native Core Security Edge Protection Proxy Version22.1.1

Splunk ≫ Universal Forwarder Version >= 8.2.0 < 8.2.12

Splunk ≫ Universal Forwarder Version >= 9.0.0 < 9.0.6

Splunk ≫ Universal Forwarder Version9.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.41

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Patch

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Patch

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2022/dsa-5197

Third Party Advisory

http://seclists.org/fulldisclosure/2022/Mar/29

Third Party Advisory

Mailing List

https://support.apple.com/kb/HT213183

Third Party Advisory

Release Notes

https://security.gentoo.org/glsa/202212-01

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20211029-0003/

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html

Third Party Advisory

Mailing List

https://hackerone.com/reports/1334763

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2021-22947

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22947

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22947

EUVD