Vulnerability Description
libcurl keeps previously used connections in a connection pool so that subsequent transfers can reuse one of them if its setup matches the new transfer. Due to errors in that logic, the config matching function did not take 'issuercert' into account, and it compared the involved file paths case insensitively, which could lead to libcurl reusing the wrong connection. File paths are, or can be, case sensitive on many systems but not all, and this can even vary between file systems on the same host, so two distinct CA bundles or CA directories whose paths differ only in case were treated as the same trust configuration. The comparison also ignored the 'issuer cert' that a transfer can set to qualify how the server certificate must be verified, so a transfer that required a specific issuer could be served over a pooled connection that had been established without that requirement.

The practical effect is that a transfer could run over a TLS connection whose server certificate was verified against different trust settings than the ones the transfer asked for. The fix, shipped in libcurl 7.77.0, compares the paths exactly and includes the issuer cert in the match. Where upgrading is not immediately possible, setting CURLOPT_FORBID_REUSE on transfers that use non-default CA or issuer settings keeps those connections out of the pool at the cost of a new handshake per transfer.
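To make the matching flaw concrete, the following is an added example written for this page, not libcurl's own source. It reconstructs the shape of the bug with hypothetical names (struct ssl_config, config_matches_vulnerable, config_matches_fixed, find_reusable): the vulnerable matcher compares the CA bundle and CA directory paths case insensitively and never looks at the issuer cert, while the fixed matcher compares all three exactly. The pool contents and the paths are constructed for the demo.

```c
/* Added illustrative example for CVE-2021-22924 (not libcurl code).
 * All struct, field and function names are hypothetical. */
#define _DEFAULT_SOURCE
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Subset of a transfer's TLS configuration that decides whether a pooled
 * connection may be reused. Field names mirror the libcurl options they
 * stand in for (CURLOPT_CAINFO, CURLOPT_CAPATH, CURLOPT_ISSUERCERT). */
struct ssl_config {
    const char *cafile;
    const char *capath;
    const char *issuercert;
    bool verifypeer;
};

/* NULL-safe exact string comparison: two NULLs match, NULL vs non-NULL does not. */
static bool safe_strcmp(const char *a, const char *b)
{
    if (!a && !b) return true;
    if (!a || !b) return false;
    return strcmp(a, b) == 0;
}

/* NULL-safe case-insensitive comparison, the wrong tool for file paths. */
static bool safe_strcasecmp(const char *a, const char *b)
{
    if (!a && !b) return true;
    if (!a || !b) return false;
    return strcasecmp(a, b) == 0;
}

/* BEFORE (vulnerable): paths compared case insensitively, issuercert ignored. */
bool config_matches_vulnerable(const struct ssl_config *want,
                               const struct ssl_config *have)
{
    return want->verifypeer == have->verifypeer &&
           safe_strcasecmp(want->cafile, have->cafile) &&
           safe_strcasecmp(want->capath, have->capath);
    /* want->issuercert is never consulted */
}

/* AFTER (fixed): paths compared exactly and issuercert included in the match. */
bool config_matches_fixed(const struct ssl_config *want,
                          const struct ssl_config *have)
{
    return want->verifypeer == have->verifypeer &&
           safe_strcmp(want->cafile, have->cafile) &&
           safe_strcmp(want->capath, have->capath) &&
           safe_strcmp(want->issuercert, have->issuercert);
}

/* Minimal connection pool: returns the index of a reusable connection to
 * `host` under the given matcher, or -1 when a fresh connection is needed. */
struct pooled_conn { const char *host; struct ssl_config cfg; };

int find_reusable(const struct pooled_conn *pool, size_t n, const char *host,
                  const struct ssl_config *want,
                  bool (*matches)(const struct ssl_config *,
                                  const struct ssl_config *))
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(pool[i].host, host) == 0 && matches(want, &pool[i].cfg))
            return (int)i;
    return -1;
}

/* Constructed scenario: a connection to example.com is already pooled, having
 * been verified against /etc/ssl/CA.pem with no issuer requirement. A new
 * transfer asks for /etc/ssl/ca.pem (different file on a case-sensitive FS)
 * and additionally requires a specific issuer certificate. */
int demo(bool fixed)
{
    static const struct pooled_conn pool[] = {
        { "example.com", { "/etc/ssl/CA.pem", NULL, NULL, true } },
    };
    const struct ssl_config want = {
        "/etc/ssl/ca.pem", NULL, "/etc/ssl/issuer.pem", true
    };
    return find_reusable(pool, 1, "example.com", &want,
                         fixed ? config_matches_fixed
                               : config_matches_vulnerable);
}

int main(void)
{
    printf("vulnerable matcher reuses pooled connection index: %d\n", demo(false));
    printf("fixed matcher reuses pooled connection index:      %d\n", demo(true));
    return 0;
}
```

The vulnerable matcher returns index 0 and silently reuses the existing connection; the fixed matcher returns -1, forcing a new handshake that is verified under the transfer's own CA bundle and issuer constraint.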
CVSS Score
3.7 (LOW)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Haxx | Libcurl | >= 7.10.4, < 7.77.0 |
| Fedoraproject | Fedora | 33 |
| Debian | Debian Linux | 9.0 |
| Netapp | Cloud Backup | - |
| Netapp | Clustered Data Ontap | - |
| Netapp | Solidfire & Hci Management Node | - |
| Netapp | Solidfire Baseboard Management Controller Firmware | - |
| Oracle | Mysql Server | >= 5.7.0, <= 5.7.36 |
| Oracle | Peoplesoft Enterprise Peopletools | 8.57 |
| Siemens | Sinec Infrastructure Network Services | < 1.0.1.1 |
| Siemens | Sinema Remote Connect Server | < 3.1 |
| Siemens | Logo! Cmr2040 Firmware | All versions |
| Siemens | Logo! Cmr2040 | - |
| Siemens | Logo! Cmr2020 Firmware | All versions |
| Siemens | Logo! Cmr2020 | - |
| Siemens | Ruggedcomrm 1224 Lte Firmware | < 7.1 |
| Siemens | Ruggedcomrm 1224 Lte | - |
| Siemens | Scalance M804Pb Firmware | < 7.1 |
| Siemens | Scalance M804Pb | - |
| Siemens | Scalance M812-1 Firmware | < 7.1 |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf [Patch, Third Party Advisory]
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf [Third Party Advisory]
- https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf [Third Party Advisory]
- https://hackerone.com/reports/1223565 [Exploit, Issue Tracking, Patch]
- https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b [Mailing List, Third Party Advisory]
- https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c2 [Mailing List, Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html [Mailing List, Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html [Mailing List, Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro (URL truncated in source) [Mailing List, Third Party Advisory]
- https://security.netapp.com/advisory/ntap-20210902-0003/ [Third Party Advisory]
- https://www.debian.org/security/2022/dsa-5197 [Third Party Advisory]
- https://www.oracle.com/security-alerts/cpujan2022.html [Patch, Third Party Advisory]
- https://www.oracle.com/security-alerts/cpuoct2021.html [Patch, Third Party Advisory]
FAQ
What is CVE-2021-22924?
CVE-2021-22924 is a connection-reuse vulnerability in libcurl with a CVSS score of 3.7 (LOW). libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take ...
How severe is CVE-2021-22924?
CVE-2021-22924 has been rated LOW with a CVSS base score of 3.7/10. The low score reflects that exploitation requires a transfer to reuse a pooled connection whose CA path differs only in case or which lacks the requested issuer cert constraint; the impact is on certificate verification, not direct code execution.
Is there a patch for CVE-2021-22924?
Yes. The issue is fixed in libcurl 7.77.0; see the references section above for vendor advisories and distribution updates. Affected products include: Haxx Libcurl (7.10.4 up to but not including 7.77.0), Fedoraproject Fedora, Debian Debian Linux, Netapp Cloud Backup, Netapp Clustered Data Ontap, and the Oracle and Siemens products listed in the table.