CVE-2021-22924

curl: Bad connection reuse due to flawed path name checks

Severity Score

3.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.

libcurl mantiene las conexiones usadas previamente en un pool de conexiones para reusarlas en posteriores transferencias, si una de ellas coincide con la configuración. Debido a errores en la lógica, la función de coincidencia de la configuración no tenía en cuenta "issuercert" y comparaba las rutas implicadas *sin tener en cuenta el caso*, que podía conllevar a que libcurl reusara conexiones erróneas. Las rutas de los archivos son, o pueden ser, casos confidenciales en muchos sistemas, pero no en todos, y pueden incluso variar dependiendo de los sistemas de archivos usados. La comparación tampoco incluía el "issuercert" que una transferencia puede ajustar para calificar cómo verificar el certificado del servidor

A flaw was found in libcurl in the way libcurl handles previously used connections without accounting for 'issuer cert' and comparing the involved paths case-insensitively. This flaw allows libcurl to use the wrong connection. The highest threat from this vulnerability is to confidentiality.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-06 CVE Reserved
2021-07-22 CVE Published
2024-04-21 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation
CWE-295: Improper Certificate Validation
CWE-706: Use of Incorrectly-Resolved Name or Reference

CAPEC

References (17)

URL	Tag	Source
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf	Third Party Advisory
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E	Mailing List
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html	Mailing List
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html	Mailing List
https://security.netapp.com/advisory/ntap-20210902-0003	Third Party Advisory

URL	Date	SRC
https://hackerone.com/reports/1223565	2024-08-03

URL	Date	SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	2024-03-27
https://www.oracle.com/security-alerts/cpujan2022.html	2024-03-27
https://www.oracle.com/security-alerts/cpuoct2021.html	2024-03-27

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V	2024-03-27
https://www.debian.org/security/2022/dsa-5197	2024-03-27
https://access.redhat.com/security/cve/CVE-2021-22924	2022-04-13
https://bugzilla.redhat.com/show_bug.cgi?id=1981460	2022-04-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"	Logo\! Cmr2040 Firmware Search vendor "Siemens" for product "Logo\! Cmr2040 Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Logo\! Cmr2040 Search vendor "Siemens" for product "Logo\! Cmr2040"	-	-	Safe
Siemens Search vendor "Siemens"	Logo\! Cmr2020 Firmware Search vendor "Siemens" for product "Logo\! Cmr2020 Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Logo\! Cmr2020 Search vendor "Siemens" for product "Logo\! Cmr2020"	-	-	Safe
Siemens Search vendor "Siemens"	Ruggedcomrm 1224 Lte Firmware Search vendor "Siemens" for product "Ruggedcomrm 1224 Lte Firmware"	< 7.1 Search vendor "Siemens" for product "Ruggedcomrm 1224 Lte Firmware" and version " < 7.1"	-	Affected	in	Siemens Search vendor "Siemens"	Ruggedcomrm 1224 Lte Search vendor "Siemens" for product "Ruggedcomrm 1224 Lte"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance M804pb Firmware Search vendor "Siemens" for product "Scalance M804pb Firmware"	< 7.1 Search vendor "Siemens" for product "Scalance M804pb Firmware" and version " < 7.1"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance M804pb Search vendor "Siemens" for product "Scalance M804pb"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance M812-1 Firmware Search vendor "Siemens" for product "Scalance M812-1 Firmware"	< 7.1 Search vendor "Siemens" for product "Scalance M812-1 Firmware" and version " < 7.1"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance M812-1 Search vendor "Siemens" for product "Scalance M812-1"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance M816-1 Firmware Search vendor "Siemens" for product "Scalance M816-1 Firmware"	< 7.1 Search vendor "Siemens" for product "Scalance M816-1 Firmware" and version " < 7.1"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance M816-1 Search vendor "Siemens" for product "Scalance M816-1"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance M826-2 Firmware Search vendor "Siemens" for product "Scalance M826-2 Firmware"	< 7.1 Search vendor "Siemens" for product "Scalance M826-2 Firmware" and version " < 7.1"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance M826-2 Search vendor "Siemens" for product "Scalance M826-2"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance M874-2 Firmware Search vendor "Siemens" for product "Scalance M874-2 Firmware"	< 7.1 Search vendor "Siemens" for product "Scalance M874-2 Firmware" and version " < 7.1"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance M874-2 Search vendor "Siemens" for product "Scalance M874-2"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance M874-3 Firmware Search vendor "Siemens" for product "Scalance M874-3 Firmware"	< 7.1 Search vendor "Siemens" for product "Scalance M874-3 Firmware" and version " < 7.1"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance M874-3 Search vendor "Siemens" for product "Scalance M874-3"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance M876-3 Firmware Search vendor "Siemens" for product "Scalance M876-3 Firmware"	< 7.1 Search vendor "Siemens" for product "Scalance M876-3 Firmware" and version " < 7.1"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance M876-3 Search vendor "Siemens" for product "Scalance M876-3"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance M876-4 Firmware Search vendor "Siemens" for product "Scalance M876-4 Firmware"	< 7.1 Search vendor "Siemens" for product "Scalance M876-4 Firmware" and version " < 7.1"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance M876-4 Search vendor "Siemens" for product "Scalance M876-4"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Mum856-1 Firmware Search vendor "Siemens" for product "Scalance Mum856-1 Firmware"	< 7.1 Search vendor "Siemens" for product "Scalance Mum856-1 Firmware" and version " < 7.1"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Mum856-1 Search vendor "Siemens" for product "Scalance Mum856-1"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance S615 Firmware Search vendor "Siemens" for product "Scalance S615 Firmware"	< 7.1 Search vendor "Siemens" for product "Scalance S615 Firmware" and version " < 7.1"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance S615 Search vendor "Siemens" for product "Scalance S615"	-	-	Safe
Siemens Search vendor "Siemens"	Simatic Cp 1543-1 Firmware Search vendor "Siemens" for product "Simatic Cp 1543-1 Firmware"	< 3.0.22 Search vendor "Siemens" for product "Simatic Cp 1543-1 Firmware" and version " < 3.0.22"	-	Affected	in	Siemens Search vendor "Siemens"	Simatic Cp 1543-1 Search vendor "Siemens" for product "Simatic Cp 1543-1"	-	-	Safe
Siemens Search vendor "Siemens"	Simatic Cp 1545-1 Firmware Search vendor "Siemens" for product "Simatic Cp 1545-1 Firmware"	< 1.1 Search vendor "Siemens" for product "Simatic Cp 1545-1 Firmware" and version " < 1.1"	-	Affected	in	Siemens Search vendor "Siemens"	Simatic Cp 1545-1 Search vendor "Siemens" for product "Simatic Cp 1545-1"	-	-	Safe
Siemens Search vendor "Siemens"	Simatic Rtu3010c Firmware Search vendor "Siemens" for product "Simatic Rtu3010c Firmware"	< 5.0.14 Search vendor "Siemens" for product "Simatic Rtu3010c Firmware" and version " < 5.0.14"	-	Affected	in	Siemens Search vendor "Siemens"	Simatic Rtu3010c Search vendor "Siemens" for product "Simatic Rtu3010c"	-	-	Safe
Siemens Search vendor "Siemens"	Simatic Rtu3030c Firmware Search vendor "Siemens" for product "Simatic Rtu3030c Firmware"	< 5.0.14 Search vendor "Siemens" for product "Simatic Rtu3030c Firmware" and version " < 5.0.14"	-	Affected	in	Siemens Search vendor "Siemens"	Simatic Rtu3030c Search vendor "Siemens" for product "Simatic Rtu3030c"	-	-	Safe
Siemens Search vendor "Siemens"	Simatic Rtu3031c Firmware Search vendor "Siemens" for product "Simatic Rtu3031c Firmware"	< 5.0.14 Search vendor "Siemens" for product "Simatic Rtu3031c Firmware" and version " < 5.0.14"	-	Affected	in	Siemens Search vendor "Siemens"	Simatic Rtu3031c Search vendor "Siemens" for product "Simatic Rtu3031c"	-	-	Safe
Siemens Search vendor "Siemens"	Simatic Rtu 3041c Firmware Search vendor "Siemens" for product "Simatic Rtu 3041c Firmware"	< 5.0.14 Search vendor "Siemens" for product "Simatic Rtu 3041c Firmware" and version " < 5.0.14"	-	Affected	in	Siemens Search vendor "Siemens"	Simatic Rtu 3041c Search vendor "Siemens" for product "Simatic Rtu 3041c"	-	-	Safe
Siemens Search vendor "Siemens"	Siplus Net Cp 1543-1 Firmware Search vendor "Siemens" for product "Siplus Net Cp 1543-1 Firmware"	< 3.0.22 Search vendor "Siemens" for product "Siplus Net Cp 1543-1 Firmware" and version " < 3.0.22"	-	Affected	in	Siemens Search vendor "Siemens"	Siplus Net Cp 1543-1 Search vendor "Siemens" for product "Siplus Net Cp 1543-1"	-	-	Safe
Haxx Search vendor "Haxx"		Libcurl Search vendor "Haxx" for product "Libcurl"				>= 7.10.4 < 7.77.0 Search vendor "Haxx" for product "Libcurl" and version " >= 7.10.4 < 7.77.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				33 Search vendor "Fedoraproject" for product "Fedora" and version "33"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0"		-		Affected
Netapp Search vendor "Netapp"		Cloud Backup Search vendor "Netapp" for product "Cloud Backup"				-		-		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap"				-		-		Affected
Netapp Search vendor "Netapp"		Solidfire \& Hci Management Node Search vendor "Netapp" for product "Solidfire \& Hci Management Node"				-		-		Affected
Netapp Search vendor "Netapp"		Solidfire Baseboard Management Controller Firmware Search vendor "Netapp" for product "Solidfire Baseboard Management Controller Firmware"				-		-		Affected
Oracle Search vendor "Oracle"		Mysql Server Search vendor "Oracle" for product "Mysql Server"				>= 5.7.0 <= 5.7.36 Search vendor "Oracle" for product "Mysql Server" and version " >= 5.7.0 <= 5.7.36"		-		Affected
Oracle Search vendor "Oracle"		Mysql Server Search vendor "Oracle" for product "Mysql Server"				>= 8.0.0 <= 8.0.26 Search vendor "Oracle" for product "Mysql Server" and version " >= 8.0.0 <= 8.0.26"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.57 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.57"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.58 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.58"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.59 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.59"		-		Affected
Siemens Search vendor "Siemens"		Sinec Infrastructure Network Services Search vendor "Siemens" for product "Sinec Infrastructure Network Services"				< 1.0.1.1 Search vendor "Siemens" for product "Sinec Infrastructure Network Services" and version " < 1.0.1.1"		-		Affected
Siemens Search vendor "Siemens"		Sinema Remote Connect Server Search vendor "Siemens" for product "Sinema Remote Connect Server"				< 3.1 Search vendor "Siemens" for product "Sinema Remote Connect Server" and version " < 3.1"		-		Affected
Siemens Search vendor "Siemens"		Sinema Remote Connect Search vendor "Siemens" for product "Sinema Remote Connect"				< 3.1 Search vendor "Siemens" for product "Sinema Remote Connect" and version " < 3.1"		-		Affected
Splunk Search vendor "Splunk"		Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder"				>= 8.2.0 < 8.2.12 Search vendor "Splunk" for product "Universal Forwarder" and version " >= 8.2.0 < 8.2.12"		-		Affected
Splunk Search vendor "Splunk"		Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder"				>= 9.0.0 < 9.0.6 Search vendor "Splunk" for product "Universal Forwarder" and version " >= 9.0.0 < 9.0.6"		-		Affected
Splunk Search vendor "Splunk"		Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder"				9.1.0 Search vendor "Splunk" for product "Universal Forwarder" and version "9.1.0"		-		Affected