curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3 libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.

🗓️ 10 Mar 2023 08:00:00Reported by MicrosoftType

Curl 7.63.0 to 7.75.0 enables MITM via secure http proxy using TLS 1.3 session tickets.

Reporter	Title	Published	Views	Family All 112
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2021-22876 and CVE-2021-22890)	14 Jun 202211:49	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (V2.103.000.051) and Modules	10 Aug 202120:52	–	ibm
AlpineLinux	CVE-2021-22890	1 Apr 202117:46	–	alpinelinux
AstraLinux	Astra Linux - уязвимость в curl	3 May 202623:59	–	astralinux
Broadcom	curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection	12 Jun 202300:00	–	broadcom
CBLMariner	CVE-2021-22890 affecting package curl 7.74.0-1	11 Aug 202106:39	–	cbl_mariner
Cloud Foundry	USN-4898-1: curl vulnerabilities \| Cloud Foundry	29 Apr 202100:00	–	cloudfoundry
CNNVD	Haxx libcurl 安全漏洞	31 Mar 202100:00	–	cnnvd
CNVD	HAXX libcurl man-in-the-middle attack vulnerability (CNVD-2021-31934)	2 Apr 202100:00	–	cnvd
CVE	CVE-2021-22890	1 Apr 202117:46	–	cve