CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.

CVSS v3.0 3.7 LOW
CVSS v2.0 4.3 MEDIUM

3.7^/10

CVSS v3.0 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://hackerone.com/reports/1223565	Exploit Issue Tracking Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20210902-0003/	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	Patch Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf	Third Party Advisory
https://www.debian.org/security/2022/dsa-5197
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:clustered_data_ontap:-:::::::*
	cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::*
	cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::*
	cpe:2.3:a:oracle:mysql_server::::::::
	cpe:2.3:a:oracle:mysql_server::::::::

Configuration 6 (hide)

OR	cpe:2.3:a:siemens:sinec_infrastructure_network_services::::::::
	cpe:2.3:a:siemens:sinema_remote_connect_server::::::::

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:logo\!_cmr2040_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:logo\!_cmr2040:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:logo\!_cmr2020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:logo\!_cmr2020:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:ruggedcomrm_1224_lte_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:ruggedcomrm_1224_lte:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:siemens:scalance_m804pb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m804pb:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:siemens:scalance_m812-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m812-1:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:siemens:scalance_m816-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m816-1:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:siemens:scalance_m826-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m826-2:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:siemens:scalance_m874-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m874-2:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:siemens:scalance_m874-3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m874-3:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:siemens:scalance_m876-3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m876-3:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:siemens:scalance_m876-4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m876-4:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:siemens:scalance_mum856-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum856-1:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:siemens:simatic_cp_1545-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_cp_1545-1:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:siemens:simatic_rtu3010c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rtu3010c:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:siemens:simatic_rtu3030c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rtu3030c:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:siemens:simatic_rtu3031c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rtu3031c:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:siemens:simatic_rtu_3041c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rtu_3041c:-:*:*:*:*:*:*:*

Configuration 26 (hide)

cpe:2.3:a:siemens:sinema_remote_connect:*:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*

Information

Published : 2021-08-05 14:15

Updated : 2022-08-28 18:15

NVD link : CVE-2021-22924

Mitre link : CVE-2021-22924

JSON object : View

CWE

CWE-706

Use of Incorrectly-Resolved Name or Reference

Products Affected

netapp

cloud_backup
solidfire_\&_hci_management_node
clustered_data_ontap
solidfire_baseboard_management_controller_firmware

siemens

scalance_m876-3_firmware
simatic_rtu3030c_firmware
sinec_infrastructure_network_services
scalance_mum856-1
simatic_cp_1543-1_firmware
scalance_m812-1
sinema_remote_connect_server
logo\!_cmr2020_firmware
simatic_cp_1545-1
scalance_m876-4_firmware
scalance_m874-2
scalance_m874-2_firmware
scalance_m816-1
sinema_remote_connect
scalance_m874-3
scalance_m804pb
scalance_m826-2
logo\!_cmr2040_firmware
ruggedcomrm_1224_lte_firmware
scalance_m876-4
scalance_m812-1_firmware
scalance_m874-3_firmware
logo\!_cmr2040
simatic_rtu_3041c_firmware
scalance_m876-3
simatic_cp_1543-1
logo\!_cmr2020
simatic_rtu3031c
simatic_rtu3031c_firmware
ruggedcomrm_1224_lte
scalance_s615
simatic_rtu3010c_firmware
scalance_m804pb_firmware
siplus_net_cp_1543-1
scalance_m826-2_firmware
simatic_rtu3030c
scalance_s615_firmware
simatic_cp_1545-1_firmware
scalance_mum856-1_firmware
simatic_rtu3010c
siplus_net_cp_1543-1_firmware
scalance_m816-1_firmware
simatic_rtu_3041c

oracle

peoplesoft_enterprise_peopletools
mysql_server

fedoraproject

fedora

debian

debian_linux

haxx

libcurl

3.7 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-22924

3.7^/10

4.3^/10

Attach tags to `CVE-2021-22924`