Vulnerability Description
When curl is instructed to download content using the metalink feature, the contents are verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to get the same content from a set of different URLs, potentially hosted by different servers, and the client can then download the file from one or several of them, in a serial or parallel manner.

If one of the servers hosting the contents has been breached and the contents of the specific file on that server are replaced with a modified payload, curl should detect this when the hash of the file mismatches after a completed download. It should remove the contents and instead try getting the contents from another URL. This is not done; instead such a hash mismatch is only mentioned in text and the potentially malicious content is kept in the file on disk.
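The behaviour the description says curl should have had (verify the downloaded file against the metalink hash, discard it on mismatch, fall back to the next URL, and leave nothing on disk if every mirror fails) is shown below as an added example. It is not curl's code and not part of the advisory; it parses a Metalink 4 (RFC 5854) document with the standard library, and the mirror contents, URLs and `fetch` callback are constructed stand-ins for real HTTP transfers.

```python
import hashlib
import os
import tempfile
import xml.etree.ElementTree as ET

METALINK_NS = "urn:ietf:params:xml:ns:metalink"
# RFC 5854 hash type names mapped to the hashlib algorithm names they correspond to
HASH_ALGOS = {"sha-512": "sha512", "sha-256": "sha256", "sha-1": "sha1", "md5": "md5"}


def parse_metalink(xml_text):
    """Return (filename, hash_type, hex_digest, urls) for the first <file> in a Metalink 4 document."""
    root = ET.fromstring(xml_text)
    f = root.find(f"{{{METALINK_NS}}}file")
    if f is None:
        raise ValueError("metalink has no <file> element")
    hashes = {h.get("type"): (h.text or "").strip() for h in f.findall(f"{{{METALINK_NS}}}hash")}
    # Prefer the strongest hash the file element offers
    for hash_type in ("sha-512", "sha-256", "sha-1", "md5"):
        if hash_type in hashes:
            break
    else:
        raise ValueError("metalink <file> carries no supported hash")
    urls = [u.text.strip() for u in f.findall(f"{{{METALINK_NS}}}url") if u.text]
    return f.get("name"), hash_type, hashes[hash_type].lower(), urls


def verify_file(path, hash_type, expected_hex):
    """Hash the file on disk in chunks and compare with the digest the metalink promised."""
    h = hashlib.new(HASH_ALGOS[hash_type])
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest() == expected_hex


def download_with_metalink(xml_text, dest_dir, fetch):
    """Try each mirror in order; keep the file only if its hash matches, otherwise delete and move on.

    `fetch(url) -> bytes` is a caller-supplied transfer function (hypothetical; a real client would do HTTP).
    """
    name, hash_type, expected, urls = parse_metalink(xml_text)
    # basename() keeps an attacker-controlled <file name="../.."> from escaping dest_dir
    dest = os.path.join(dest_dir, os.path.basename(name))
    for url in urls:
        try:
            data = fetch(url)
        except OSError:
            continue  # unreachable mirror: nothing was written, try the next one
        with open(dest, "wb") as fh:
            fh.write(data)
        if verify_file(dest, hash_type, expected):
            return url, dest
        # Hash mismatch: the content must not stay on disk; fall back to the next URL
        os.remove(dest)
    raise RuntimeError("no mirror served content matching the metalink hash")


def run_demo():
    """Constructed scenario: mirror A is breached and serves tampered bytes, mirror B is genuine, mirror C is down."""
    good = b"genuine release tarball bytes\n"  # constructed sample content
    digest = hashlib.sha256(good).hexdigest()
    metalink = f"""<metalink xmlns="{METALINK_NS}">
  <file name="example.tar">
    <hash type="sha-256">{digest}</hash>
    <url>https://mirror-a.example/example.tar</url>
    <url>https://mirror-c.example/example.tar</url>
    <url>https://mirror-b.example/example.tar</url>
  </file>
</metalink>"""
    mirrors = {
        "https://mirror-a.example/example.tar": b"tampered payload\n",  # breached mirror
        "https://mirror-b.example/example.tar": good,
        # mirror-c deliberately absent: simulates a connection failure
    }

    def fetch(url):
        if url not in mirrors:
            raise OSError(f"unreachable: {url}")
        return mirrors[url]

    with tempfile.TemporaryDirectory() as d:
        url, path = download_with_metalink(metalink, d, fetch)
        with open(path, "rb") as fh:
            content_ok = fh.read() == good
        # Second run: every reachable mirror is tampered; nothing may be left on disk afterwards
        mirrors["https://mirror-b.example/example.tar"] = b"also tampered\n"
        try:
            download_with_metalink(metalink, d, fetch)
            all_bad_raised = False
        except RuntimeError:
            all_bad_raised = True
        leftover = os.path.exists(path)
    return {"url": url, "content_ok": content_ok, "all_bad_raised": all_bad_raised, "leftover": leftover}


if __name__ == "__main__":
    print(run_demo())
```

The two properties worth checking in any metalink-capable client are the ones the advisory names: after a mismatch the file is gone before the next mirror is tried, and when every mirror fails the call errors out with nothing kept on disk.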
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Haxx | Curl | >= 7.27.0, < 7.78.0 |
| Fedoraproject | Fedora | 33 |
| Netapp | Cloud Backup | - |
| Netapp | Clustered Data Ontap | - |
| Netapp | Hci Management Node | - |
| Netapp | Solidfire | - |
| Oracle | Mysql Server | >= 5.7.0, <= 5.7.35 |
| Siemens | Sinec Infrastructure Network Services | < 1.0.1.1 |
| Netapp | H300S Firmware | - |
| Netapp | H300S | - |
| Netapp | H500S Firmware | - |
| Netapp | H500S | - |
| Netapp | H700S Firmware | - |
| Netapp | H700S | - |
| Netapp | H300E Firmware | - |
| Netapp | H300E | - |
| Netapp | H500E Firmware | - |
| Netapp | H500E | - |
| Netapp | H700E Firmware | - |
| Netapp | H700E | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (Patch, Third Party Advisory)
- https://hackerone.com/reports/1213175 (Exploit, Issue Tracking, Third Party Advisory)
- https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b (Mailing List, Third Party Advisory)
- https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c2 (Mailing List, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro (Mailing List, Third Party Advisory)
- https://security.gentoo.org/glsa/202212-01 (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20210902-0003/ (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuoct2021.html (Patch, Third Party Advisory)
FAQ
What is CVE-2021-22922?
CVE-2021-22922 is a vulnerability with a CVSS score of 6.5 (MEDIUM). When curl is instructed to download content using the metalink feature, the contents are verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to g...
How severe is CVE-2021-22922?
CVE-2021-22922 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22922?
Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl, Fedoraproject Fedora, Netapp Cloud Backup, Netapp Clustered Data Ontap, Netapp Hci Management Node.