Lucene search
K

21 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in curl

libcurl keeps previously used connections in a connection pool so that they can be reused for subsequent transfers, if one of them matches the setup. Due to errors in the logic, the configuration matching function did not take ‘issuercert’ into account, and the involved paths were compared case...

4.3CVSS6.5AI score0.0627EPSS
Exploits1References2
Hacker One
Hacker One
added 2026/01/19 8:10 p.m.57 views

curl: SSL options ISSUERCERT, EC_CURVES and CRLFILE silently ignored by non-OpenSSL backends

Summary: The SSL options ISSUERCERT, ECCURVES and CRLFILE are silently ignored for e.g. the mbedTLS backend, which allows MITM attacks for the ISSUERCERT and CRLFILE bug, and can reduce the security and compliance by ignoring the specified curve for the ECCURVES bug. Affected version Tested with...

5.8AI score
Exploits0
Snyk
Snyk
added 2025/11/04 3:43 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the getIssuerCertificate function. An attacker can gain unauthorized access to Secrets in other namespaces by bypassing RBAC restrictions. This is only exploitable if the attacker has permission to create...

8.7CVSS7AI score0.00197EPSS
Exploits0References2
OSV
OSV
added 2025/10/10 3:4 p.m.10 views

JLSEC-2025-28 libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if ...

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

4.3CVSS6.8AI score0.0627EPSS
Exploits1References30
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-10053

Malware in sbrugna...

4.3CVSS6.1AI score0.0627EPSS
Exploits1References24
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2021-22924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, th...

4.3CVSS6.2AI score0.0627EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.11 views

SUSE CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

5.4CVSS6.2AI score0.0627EPSS
Exploits1References86
RedHat Linux
RedHat Linux
added 2022/04/13 2:31 p.m.10 views

curl: Bad connection reuse due to flawed path name checks

A flaw was found in libcurl in the way libcurl handles previously used connections without accounting for 'issuer cert' and comparing the involved paths case-insensitively. This flaw allows libcurl to use the wrong connection. The highest threat from this vulnerability is to confidentiality...

4.3CVSS7.1AI score0.0627EPSS
Exploits1References5
OSV
OSV
added 2021/10/28 10:12 p.m.5 views

CLSA-2021-1635459168 Fix CVE(s): CVE-2021-22924

SECURITY UPDATE: fix connection reuse checks - debian/patches/CVE-2021-22924.patch: fix connection reuse checks - for issuer cert and case sensitivity in lib/vtls/vtls.c - CVE-2021-22924...

4.3CVSS6.6AI score0.0627EPSS
Exploits1References1
OSV
OSV
added 2021/10/22 5:8 p.m.10 views

CLSA-2021-1634922534 Fixed CVE-2021-22924 in curl

fix connection reuse checks for issuer cert and case sensitivity CVE-2021-22924...

4.3CVSS6.6AI score0.0627EPSS
Exploits1References1
OSV
OSV
added 2021/09/21 10:10 p.m.10 views

CLSA-2021-1632262236 Fix of CVE: CVE-2021-22924

fix connection reuse checks for issuer cert and case sensitivity CVE-2021-22924...

4.3CVSS6.8AI score0.0627EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2021/09/21 12:25 p.m.5 views

curl: Bad connection reuse due to flawed path name checks

A flaw was found in libcurl in the way libcurl handles previously used connections without accounting for 'issuer cert' and comparing the involved paths case-insensitively. This flaw allows libcurl to use the wrong connection. The highest threat from this vulnerability is to confidentiality...

4.3CVSS7.1AI score0.0627EPSS
Exploits1References5
Microsoft CVE
Microsoft CVE
added 2021/08/17 7:0 a.m.4 views

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup.Due to errors in the logic the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*which could lead to libcurl reusing wrong connections.File paths are or can be case sensitive on many systems but not all and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.

...

4.3CVSS6.2AI score0.0627EPSS
Exploits1
OSV
OSV
added 2021/08/06 11:3 a.m.3 views

OESA-2021-1300 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors...

4.3CVSS6.8AI score0.0627EPSS
Exploits1References2
OSV
OSV
added 2021/08/05 9:15 p.m.13 views

AZL-6367 CVE-2021-22924 affecting package curl for versions less than 7.76.0-5

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

3.7CVSS6.5AI score0.0627EPSS
Exploits1References1
OSV
OSV
added 2021/08/05 9:15 p.m.0 views

DEBIAN-CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

3.7CVSS6.1AI score0.0627EPSS
Exploits1References1
OSV
OSV
added 2021/08/05 9:15 p.m.3 views

ALPINE-CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

3.7CVSS6.8AI score0.0627EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2021/08/05 8:16 p.m.8 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

6AI score0.0627EPSS
Exploits1References15
OSV
OSV
added 2021/07/21 8:0 a.m.10 views

CURL-CVE-2021-22924 Bad connection reuse due to flawed path name checks

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths case insensitively, which could...

4.3CVSS5.4AI score0.0627EPSS
Exploits1
curl security advisories
curl security advisories
added 2021/07/21 8:0 a.m.11 views

Bad connection reuse due to flawed path name checks

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths case insensitively, which could...

4.3CVSS6.2AI score0.0627EPSS
Exploits1References1Affected Software2
Rows per page
Query Builder