CVE-2021-22946

UNKNOWN

Published 2021-09-29T00:00:00

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-22946. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-3cmq-42w4-c529

Advisory Details

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-22946

WEB https://hackerone.com/reports/1334111

WEB https://www.oracle.com/security-alerts/cpuoct2021.html

WEB https://www.oracle.com/security-alerts/cpujul2022.html

WEB https://www.oracle.com/security-alerts/cpujan2022.html

WEB https://www.oracle.com/security-alerts/cpuapr2022.html

WEB https://www.debian.org/security/2022/dsa-5197

WEB https://support.apple.com/kb/HT213183

WEB https://security.netapp.com/advisory/ntap-20220121-0008

WEB https://security.netapp.com/advisory/ntap-20211029-0003

WEB https://security.gentoo.org/glsa/202212-01

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD

WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE

WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD

WEB https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html

WEB https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html

WEB https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

WEB http://seclists.org/fulldisclosure/2022/Mar/29

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: March 27, 2024

References

https://hackerone.com/reports/1334111

https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/

https://www.oracle.com/security-alerts/cpuoct2021.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/

https://www.oracle.com/security-alerts/cpujan2022.html

https://security.netapp.com/advisory/ntap-20211029-0003/

https://security.netapp.com/advisory/ntap-20220121-0008/

http://seclists.org/fulldisclosure/2022/Mar/29

https://www.oracle.com/security-alerts/cpuapr2022.html

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

https://support.apple.com/kb/HT213183

https://www.oracle.com/security-alerts/cpujul2022.html

https://www.debian.org/security/2022/dsa-5197

https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html

https://security.gentoo.org/glsa/202212-01

Published: 2021-09-29T00:00:00

Last Modified: 2024-08-03T18:58:26.135Z

Copied to clipboard!

CVE-2021-22946

Expert Analysis

Description

Available Exploits

Related News

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!