Vulnerability Description
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
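The defect class the description names, as an added example in constructed C (a model of the pattern, not libcurl's own code): the buggy variant stores the selected cipher list in one process-wide static, so the last transfer to set it silently controls every connection; the fixed variant keeps the list in per-transfer state. The suite names and the `transfer` struct are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CIPHERS 64

/* Buggy: a single static buffer shared by every transfer in the process. */
static char shared_cipher_list[MAX_CIPHERS];

static void buggy_set_ciphers(const char *list)
{
    /* Every handle writes the same static; the last writer wins. */
    snprintf(shared_cipher_list, sizeof shared_cipher_list, "%s", list);
}

static const char *buggy_ciphers_for_connect(void)
{
    return shared_cipher_list;
}

/* Fixed: the cipher list lives in the per-transfer state (constructed struct). */
struct transfer {
    char cipher_list[MAX_CIPHERS];
};

static void fixed_set_ciphers(struct transfer *t, const char *list)
{
    snprintf(t->cipher_list, sizeof t->cipher_list, "%s", list);
}

static const char *fixed_ciphers_for_connect(const struct transfer *t)
{
    return t->cipher_list;
}

/* Transfer A asks for "strong-suite", transfer B for "legacy-suite" (constructed
 * names), then A connects. Returns 1 if A connects with the list it requested. */
int buggy_transfer_a_keeps_its_list(void)
{
    buggy_set_ciphers("strong-suite");   /* transfer A */
    buggy_set_ciphers("legacy-suite");   /* transfer B, set later */
    return strcmp(buggy_ciphers_for_connect(), "strong-suite") == 0;
}

int fixed_transfer_a_keeps_its_list(void)
{
    struct transfer a = {{0}}, b = {{0}};
    fixed_set_ciphers(&a, "strong-suite");
    fixed_set_ciphers(&b, "legacy-suite");
    return strcmp(fixed_ciphers_for_connect(&a), "strong-suite") == 0;
}
```

In the buggy variant transfer A ends up negotiating with B's weaker list, which is exactly the cross-transfer weakening the description warns about.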
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Haxx | Curl | >= 7.61.0, <= 7.76.1 |
| Oracle | Communications Cloud Native Core Binding Support Function | 1.11.0 |
| Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 1.10.0 |
| Oracle | Communications Cloud Native Core Network Repository Function | 1.15.0 |
| Oracle | Communications Cloud Native Core Network Slice Selection Function | 1.8.0 |
| Oracle | Communications Cloud Native Core Service Communication Proxy | 1.15.0 |
| Oracle | Essbase | < 11.1.2.4.047 |
| Oracle | MySQL Server | <= 5.7.34 |
| NetApp | Cloud Backup | - |
| NetApp | SolidFire, Enterprise SDS & HCI Storage Node | - |
| NetApp | SolidFire & HCI Management Node | - |
| Netapp | Solidfire Baseboard Management Controller Firmware | - |
| Netapp | Hci Compute Node Firmware | - |
| Netapp | Hci Compute Node | - |
| Netapp | H300E Firmware | - |
| Netapp | H300E | - |
| Netapp | H300S Firmware | - |
| Netapp | H300S | - |
| Netapp | H410S Firmware | - |
| Netapp | H410S | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (Patch, Third Party Advisory)
- https://curl.se/docs/CVE-2021-22897.html (Patch, Vendor Advisory)
- https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511 (Patch, Third Party Advisory)
- https://hackerone.com/reports/1172857 (Exploit, Issue Tracking, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20210727-0007/ (Third Party Advisory)
- https://www.oracle.com//security-alerts/cpujul2021.html (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuapr2022.html (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpujan2022.html (Patch, Third Party Advisory)
FAQ
What is CVE-2021-22897?
CVE-2021-22897 is a vulnerability with a CVSS score of 5.3 (MEDIUM). curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The se...
How severe is CVE-2021-22897?
CVE-2021-22897 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-22897?
Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl, Oracle Communications Cloud Native Core Binding Support Function, Oracle Communications Cloud Native Core Network Function Cloud Native Environment, Oracle Communications Cloud Native Core Network Repository Function, Oracle Communications Cloud Native Core Network Slice Selection Function.