MEDIUM · 5.9

CVE-2021-22947


Vulnerability Description

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server and uses STARTTLS to upgrade the connection to TLS, the server can send back several responses in a single read, all of which curl caches. curl then upgrades to TLS but does not flush that cached input; it keeps consuming and trusting the responses it received *before* the TLS handshake as if they had arrived over the authenticated channel. A man-in-the-middle attacker can exploit this by first injecting fake responses in plaintext, then passing through the TLS traffic from the legitimate server, so that curl hands the attacker's injected data to the user as if it came from the TLS-protected server.
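The mechanism above is easiest to see with the receive cache written out. The following is an added example, not code from curl or from this advisory: a simulated POP3 STLS upgrade in which an on-path attacker pipelines extra plaintext responses behind the STLS acknowledgement. No network is used; the ByteStream objects stand in for the socket before and after the TLS handshake, the class and function names are this example's own, and every byte string is constructed sample traffic. The vulnerable configuration keeps the cache across the upgrade; the hardened one refuses the connection if anything is still cached after the STLS reply, which is the same principle as the fix that shipped in curl 7.79.0.

```python
"""Simulated POP3 STLS response injection (added example for CVE-2021-22947).
Not curl's code: the client, streams and traffic below are constructed."""


class ByteStream:
    """Stand-in for one direction of a socket: recv() drains the data."""

    def __init__(self, data: bytes) -> None:
        self._data = data

    def recv(self, n: int) -> bytes:
        chunk, self._data = self._data[:n], self._data[n:]
        return chunk


class Pop3Client:
    """Line-oriented POP3 reader with a receive cache.

    Several CRLF-terminated responses may arrive in one recv(); whatever
    readline() does not consume stays in the cache for the next call.
    That leftover is exactly what the attack abuses."""

    def __init__(self, plaintext: ByteStream, tls: ByteStream,
                 reject_cached_on_upgrade: bool) -> None:
        self._plain = plaintext
        self._tls = tls
        self._tls_active = False
        self._cache = b""
        self._reject = reject_cached_on_upgrade

    def _fill(self) -> None:
        src = self._tls if self._tls_active else self._plain
        chunk = src.recv(4096)
        if not chunk:
            raise EOFError("peer closed the connection")
        self._cache += chunk

    def readline(self) -> bytes:
        while b"\r\n" not in self._cache:
            self._fill()
        line, self._cache = self._cache.split(b"\r\n", 1)
        return line

    def stls(self) -> None:
        """Consume the STLS acknowledgement and switch to the TLS stream.

        Vulnerable: the cache survives the upgrade, so plaintext bytes that
        arrived before the handshake are later returned as if the
        TLS-protected server had sent them.  Hardened: any byte still cached
        after the acknowledgement means someone pipelined data past the point
        where the plaintext channel should have gone quiet, so refuse."""
        ack = self.readline()
        if not ack.startswith(b"+OK"):
            raise RuntimeError("server refused STLS: %r" % ack)
        if self._reject and self._cache:
            raise RuntimeError("plaintext data cached after STLS reply; "
                               "refusing possible response injection")
        # A real client runs the TLS handshake here; we only switch streams.
        # The cache is deliberately NOT cleared in the vulnerable mode.
        self._tls_active = True

    def command(self, line: bytes) -> bytes:
        """Send one command; only the response side is modelled here."""
        return self.readline()


# Constructed traffic: the attacker answers STLS and pipelines three fake
# responses in the same segment, then lets the genuine TLS session through.
MITM_PLAINTEXT = (b"+OK Begin TLS negotiation\r\n"
                  b"+OK\r\n"          # will be consumed as the USER reply
                  b"+OK\r\n"          # will be consumed as the PASS reply
                  b"+OK 1 35\r\n")    # will be consumed as the STAT reply
HONEST_PLAINTEXT = b"+OK Begin TLS negotiation\r\n"
# Constructed: what the legitimate server actually says inside TLS.
GENUINE_TLS = (b"+OK\r\n"
               b"+OK Logged in\r\n"
               b"+OK 0 0\r\n")        # the mailbox is really empty


def run_session(plaintext: bytes, reject_cached_on_upgrade: bool) -> list:
    """Upgrade to TLS, log in and ask for the mailbox size.
    Returns the three replies the client believes the server gave."""
    client = Pop3Client(ByteStream(plaintext), ByteStream(GENUINE_TLS),
                        reject_cached_on_upgrade)
    client.stls()
    return [client.command(b"USER alice"),
            client.command(b"PASS hunter2"),
            client.command(b"STAT")]


if __name__ == "__main__":
    print("vulnerable, MITM:", run_session(MITM_PLAINTEXT, False))
    print("hardened, honest:", run_session(HONEST_PLAINTEXT, True))
    try:
        run_session(MITM_PLAINTEXT, True)
    except RuntimeError as exc:
        print("hardened, MITM:", exc)
```

In the vulnerable run the STAT reply the user sees is the attacker's "+OK 1 35" even though the real server, inside TLS, reported an empty mailbox; the genuine replies are still sitting unread in the TLS stream, so every later command is answered off by three. Discarding the cache instead of refusing would also stop the injection, but refusing is the safer choice: a server that sends data after acknowledging STARTTLS is either broken or not the server you think it is.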

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: HIGH
Availability: NONE

Affected Products

Vendor          Product                                              Versions
Haxx            Curl                                                 >= 7.20.0, < 7.79.0
Fedoraproject   Fedora                                               33
Debian          Debian Linux                                         9.0
Netapp          Cloud Backup                                         -
Netapp          Clustered Data Ontap                                 -
Netapp          H300S Firmware                                       -
Netapp          H300S                                                -
Netapp          H500S Firmware                                       -
Netapp          H500S                                                -
Netapp          H700S Firmware                                       -
Netapp          H700S                                                -
Netapp          H300E Firmware                                       -
Netapp          H300E                                                -
Netapp          H500E Firmware                                       -
Netapp          H500E                                                -
Netapp          H700E Firmware                                       -
Netapp          H700E                                                -
Netapp          H410S Firmware                                       -
Netapp          H410S                                                -
Netapp          Solidfire Baseboard Management Controller Firmware   -

("-" means no version range is listed for that product.)

Related Weaknesses (CWE)

References

FAQ

What is CVE-2021-22947?

CVE-2021-22947 is a vulnerability with a CVSS score of 5.9 (MEDIUM). When curl >= 7.20.0 and <= 7.78.0 upgrades an IMAP or POP3 connection to TLS with STARTTLS, it does not flush responses it cached before the handshake, so a man-in-the-middle can inject plaintext responses ahead of the upgrade and have curl treat them as if they came from the TLS-protected server.

How severe is CVE-2021-22947?

CVE-2021-22947 has been rated MEDIUM with a CVSS base score of 5.9/10. The High attack complexity reflects the on-path (man-in-the-middle) position the attacker needs, and the impact is confined to integrity: injected responses are accepted, but no data is disclosed and availability is unaffected. Review the CVSS metrics above for the full breakdown.

Is there a patch for CVE-2021-22947?

The affected range for curl ends below 7.79.0, so curl 7.79.0 and later contain the fix; distributions and vendors that ship curl (the Fedora, Debian and NetApp products listed above) deliver it through their own updates. Check the references section above and the vendor advisories for the exact package versions. Affected products include: Haxx Curl, Fedoraproject Fedora, Debian Debian Linux, Netapp Cloud Backup, Netapp Clustered Data Ontap.