CVE-2021-22922

🗓️ 05 Aug 2021 00:00:00Reported by hackeroneType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 335 Views

The metalink feature in curl does not properly detect when downloaded content has a hash mismatch, potentially leading to the storage of malicious content on disk

Reporter	Title	Published	Views	Family All 331
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues	7 May 202417:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC	1 Nov 202120:13	–	ibm
IBM Security Bulletins	Security Bulletin: Execution Engine for Apache Hadoop is vulnerable to heap-based buffer overflow and remote attacker to bypass security restrictions	20 Feb 202503:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93	14 Mar 202220:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues	17 Oct 202400:12	–	ibm
FreeBSD	cURL -- Multiple vulnerabilities	21 Jul 202100:00	–	freebsd
Tenable Nessus	Amazon Linux 2 : curl, --advisory ALAS2-2021-1700 (ALAS-2021-1700)	16 Sep 202100:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0070: curl (ALINUX3-SA-2021:0070)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : curl (ALSA-2021:3582)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : curl (CESA-2021:3582)	22 Sep 202100:00	–	nessus

NVD

Vulners

Node

haxx curlRange7.27.0–7.78.0

Node

fedoraproject fedoraMatch33

Node

netapp cloud_backupMatch-

netapp clustered_data_ontapMatch-

netapp hci_management_nodeMatch-

netapp solidfireMatch-

Node

oracle mysql_serverRange5.7.0–5.7.35

oracle mysql_serverRange8.0.0–8.0.26

Node

siemens sinec_infrastructure_network_servicesRange<1.0.1.1

Node

netapp h300s_firmwareMatch-

AND

netapp h300sMatch-

Node

netapp h500s_firmwareMatch-

AND

netapp h500sMatch-

Node

netapp h700s_firmwareMatch-

AND

netapp h700sMatch-

Node

netapp h300e_firmwareMatch-

AND

netapp h300eMatch-

Node

netapp h500e_firmwareMatch-

AND

netapp h500eMatch-

Node

netapp h700e_firmwareMatch-

AND

netapp h700eMatch-

Node

netapp h410s_firmwareMatch-

AND

netapp h410sMatch-

Node

splunk universal_forwarderRange8.2.0–8.2.12

splunk universal_forwarderRange9.0.0–9.0.6

splunk universal_forwarderMatch9.1.0

[
  {
    "vendor": "n/a",
    "product": "https://github.com/curl/curl",
    "versions": [
      {
        "version": "curl 7.27.0  to and including 7.77.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com/security-alerts/cpuoct2021.html
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
security	www.security.gentoo.org/glsa/202212-01
lists	www.lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E
security	www.security.netapp.com/advisory/ntap-20210902-0003/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
lists	www.lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E
lists	www.lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E
hackerone	www.hackerone.com/reports/1213175
lists	www.lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E

16 Apr 2026 15:16Current

6.6Medium risk

Vulners AI Score6.6

CVSS 24.3

CVSS 3.16.5

EPSS0.00146

SSVC