CVE-2021-22946
curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols
- Public Exploits: 1
- Exploited in Wild: -
- Decision: -
Descriptions
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the server returned a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations **without TLS**, contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.
A flaw was found in curl. This flaw lies in the --ssl-reqd option or related settings in libcurl. Users specify this flag to upgrade to TLS when communicating with an IMAP, POP3 or FTP server. An attacker controlling such a server could return a crafted response that leads the curl client to continue its operation without TLS encryption, so data is transmitted in clear text over the network. The highest threat from this vulnerability is to data confidentiality.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2021-01-06 CVE Reserved
- 2021-09-15 CVE Published
- 2024-06-14 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
- CWE-325: Missing Cryptographic Step
CAPEC
References (18)
URL | Tag
---|---
http://seclists.org/fulldisclosure/2022/Mar/29 | Mailing List
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html | Mailing List
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html | Mailing List
https://security.netapp.com/advisory/ntap-20211029-0003 | Third Party Advisory
https://security.netapp.com/advisory/ntap-20220121-0008 | Third Party Advisory
https://support.apple.com/kb/HT213183 | Release Notes
https://www.oracle.com/security-alerts/cpujan2022.html | Third Party Advisory

URL | Date
---|---
https://hackerone.com/reports/1334111 | 2024-08-03

URL | Date
---|---
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | 2024-03-27
https://www.oracle.com/security-alerts/cpuapr2022.html | 2024-03-27
https://www.oracle.com/security-alerts/cpujul2022.html | 2024-03-27
https://www.oracle.com/security-alerts/cpuoct2021.html | 2024-03-27
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status | Platform
---|---|---|---|---
Netapp | H300s Firmware | - | Affected | in Netapp H300s (Safe)
Netapp | H500s Firmware | - | Affected | in Netapp H500s (Safe)
Netapp | H700s Firmware | - | Affected | in Netapp H700s (Safe)
Netapp | H300e Firmware | - | Affected | in Netapp H300e (Safe)
Netapp | H500e Firmware | - | Affected | in Netapp H500e (Safe)
Netapp | H700e Firmware | - | Affected | in Netapp H700e (Safe)
Netapp | H410s Firmware | - | Affected | in Netapp H410s (Safe)
Netapp | Solidfire Baseboard Management Controller Firmware | - | Affected | in Netapp Solidfire Baseboard Management Controller (Safe)
Haxx | Curl | >= 7.20.0 < 7.79.0 | Affected |
Debian | Debian Linux | 9.0 | Affected |
Debian | Debian Linux | 10.0 | Affected |
Debian | Debian Linux | 11.0 | Affected |
Fedoraproject | Fedora | 33 | Affected |
Fedoraproject | Fedora | 35 | Affected |
Netapp | Cloud Backup | - | Affected |
Netapp | Clustered Data Ontap | - | Affected |
Netapp | Oncommand Insight | - | Affected |
Netapp | Oncommand Workflow Automation | - | Affected |
Netapp | Snapcenter | - | Affected |
Oracle | Communications Cloud Native Core Binding Support Function | 1.11.0 | Affected |
Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 1.10.0 | Affected |
Oracle | Communications Cloud Native Core Network Repository Function | 1.15.0 | Affected |
Oracle | Communications Cloud Native Core Network Repository Function | 1.15.1 | Affected |
Oracle | Communications Cloud Native Core Network Slice Selection Function | 1.8.0 | Affected |
Oracle | Communications Cloud Native Core Service Communication Proxy | 1.15.0 | Affected |
Oracle | Mysql Server | >= 5.7.0 <= 5.7.35 | Affected |
Oracle | Mysql Server | >= 8.0.0 <= 8.0.26 | Affected |
Oracle | Peoplesoft Enterprise Peopletools | 8.57 | Affected |
Oracle | Peoplesoft Enterprise Peopletools | 8.58 | Affected |
Oracle | Peoplesoft Enterprise Peopletools | 8.59 | Affected |
Apple | Macos | < 12.3 | Affected |
Siemens | Sinec Infrastructure Network Services | < 1.0.1.1 | Affected |
Oracle | Commerce Guided Search | 11.3.2 | Affected |
Oracle | Communications Cloud Native Core Binding Support Function | 22.1.3 | Affected |
Oracle | Communications Cloud Native Core Console | 22.2.0 | Affected |
Oracle | Communications Cloud Native Core Network Repository Function | 22.1.0 | Affected |
Oracle | Communications Cloud Native Core Network Repository Function | 22.2.0 | Affected |
Oracle | Communications Cloud Native Core Security Edge Protection Proxy | 22.1.1 | Affected |
Splunk | Universal Forwarder | >= 8.2.0 < 8.2.12 | Affected |
Splunk | Universal Forwarder | >= 9.0.0 < 9.0.6 | Affected |
Splunk | Universal Forwarder | 9.1.0 | Affected |