NVD:CVE-2021-22924
Aug 05, 2021 - 9:15 p.m.

CVE-2021-22924

2021-08-05 21:15:11
CWE-20
CWE-706
web.nvd.nist.gov

CVSS2: 4.3

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3: 3.7

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.002
Percentile: 53.6%

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take ‘issuercert’ into account and it compared the involved paths case insensitively, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn’t include the ‘issuer cert’ which a transfer can set to qualify how to verify the server certificate.
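
The matching flaw described above, reduced to a small C model (an added example, not libcurl's own code). The struct, function names and sample paths are hypothetical and constructed for illustration; the flawed matcher mirrors the two errors named in the description, the strict one compares every verification input byte for byte.

```c
#include <stdbool.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Hypothetical, simplified TLS settings attached to a pooled connection. */
struct tls_config {
    const char *cafile;      /* CA bundle path */
    const char *issuercert;  /* issuer certificate path, NULL when unset */
};

/* NULL-safe equality: two unset values match, set versus unset does not. */
static bool same_path(const char *a, const char *b)
{
    if (!a || !b)
        return a == b;
    return strcmp(a, b) == 0;   /* byte-exact, case sensitive */
}

/* Flawed matching as the description states it: paths are compared
   without regard to case and issuercert is left out entirely. */
bool config_matches_flawed(const struct tls_config *want,
                           const struct tls_config *pooled)
{
    if (!want->cafile || !pooled->cafile)
        return want->cafile == pooled->cafile;
    return strcasecmp(want->cafile, pooled->cafile) == 0;
}

/* Strict matching: every verification input takes part, byte-exact. */
bool config_matches_strict(const struct tls_config *want,
                           const struct tls_config *pooled)
{
    return same_path(want->cafile, pooled->cafile) &&
           same_path(want->issuercert, pooled->issuercert);
}

/* Constructed sample data: one pooled connection, two later transfers. */
const struct tls_config pooled_cfg = { "/etc/ssl/CA.pem", NULL };
const struct tls_config case_diff  = { "/etc/ssl/ca.pem", NULL };
const struct tls_config issuer_set = { "/etc/ssl/CA.pem",
                                       "/etc/ssl/issuer.pem" };
```

On a case-sensitive file system `CA.pem` and `ca.pem` can be different trust stores, so only the strict matcher keeps the two transfers on separate connections.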

Affected configurations

NVD
Node
haxx libcurl Range 7.10.4 - 7.77.0
Node
fedoraproject fedora Match 33
Node
debian debian_linux Match 9.0
OR
debian debian_linux Match 10.0
OR
debian debian_linux Match 11.0
Node
netapp cloud_backup Match -
OR
netapp clustered_data_ontap Match -
OR
netapp solidfire_\&_hci_management_node Match -
OR
netapp solidfire_baseboard_management_controller_firmware Match -
Node
oracle mysql_server Range 5.7.0 - 5.7.36
OR
oracle mysql_server Range 8.0.0 - 8.0.26
OR
oracle peoplesoft_enterprise_peopletools Match 8.57
OR
oracle peoplesoft_enterprise_peopletools Match 8.58
OR
oracle peoplesoft_enterprise_peopletools Match 8.59
Node
siemens sinec_infrastructure_network_services Range <1.0.1.1
OR
siemens sinema_remote_connect_server Range <3.1
Node
siemens logo\!_cmr2040_firmware
AND
siemens logo\!_cmr2040 Match -
Node
siemens logo\!_cmr2020_firmware
AND
siemens logo\!_cmr2020 Match -
Node
siemens ruggedcomrm_1224_lte_firmware Range <7.1
AND
siemens ruggedcomrm_1224_lte Match -
Node
siemens scalance_m804pb_firmware Range <7.1
AND
siemens scalance_m804pb Match -
Node
siemens scalance_m812-1_firmware Range <7.1
AND
siemens scalance_m812-1 Match -
Node
siemens scalance_m816-1_firmware Range <7.1
AND
siemens scalance_m816-1 Match -
Node
siemens scalance_m826-2_firmware Range <7.1
AND
siemens scalance_m826-2 Match -
Node
siemens scalance_m874-2_firmware Range <7.1
AND
siemens scalance_m874-2 Match -
Node
siemens scalance_m874-3_firmware Range <7.1
AND
siemens scalance_m874-3 Match -
Node
siemens scalance_m876-3_firmware Range <7.1
AND
siemens scalance_m876-3 Match -
Node
siemens scalance_m876-4_firmware Range <7.1
AND
siemens scalance_m876-4 Match -
Node
siemens scalance_mum856-1_firmware Range <7.1
AND
siemens scalance_mum856-1 Match -
Node
siemens scalance_s615_firmware Range <7.1
AND
siemens scalance_s615 Match -
Node
siemens simatic_cp_1543-1_firmware Range <3.0.22
AND
siemens simatic_cp_1543-1 Match -
Node
siemens simatic_cp_1545-1_firmware Range <1.1
AND
siemens simatic_cp_1545-1 Match -
Node
siemens simatic_rtu3010c_firmware Range <5.0.14
AND
siemens simatic_rtu3010c Match -
Node
siemens simatic_rtu3030c_firmware Range <5.0.14
AND
siemens simatic_rtu3030c Match -
Node
siemens simatic_rtu3031c_firmware Range <5.0.14
AND
siemens simatic_rtu3031c Match -
Node
siemens simatic_rtu_3041c_firmware Range <5.0.14
AND
siemens simatic_rtu_3041c Match -
Node
siemens sinema_remote_connect Range <3.1
Node
siemens siplus_net_cp_1543-1_firmware Range <3.0.22
AND
siemens siplus_net_cp_1543-1 Match -
Node
splunk universal_forwarder Range 8.2.0 - 8.2.12
OR
splunk universal_forwarder Range 9.0.0 - 9.0.6
OR
splunk universal_forwarder Match 9.1.0
