CURL-CVE-2021-22924

Source
https://curl.se/docs/CVE-2021-22924.html
Import Source
https://curl.se/docs/CURL-CVE-2021-22924.json
JSON Data
https://api.test.osv.dev/v1/vulns/CURL-CVE-2021-22924
Aliases
Published
2021-07-21T08:00:00Z
Modified
2024-06-07T13:53:51Z
Summary
Bad connection reuse due to flawed path name checks
Details

libcurl keeps previously used connections in a connection pool so that subsequent transfers can reuse one of them when its setup matches the new transfer's.

Due to errors in the logic, the config matching function (Curl_ssl_config_matches in lib/vtls/vtls.c) compared the involved file paths case insensitively and did not take the 'issuer cert' into account, which could lead to libcurl reusing the wrong connection: a transfer could be served over a connection whose TLS session was established and verified with a different certificate configuration than the one the transfer asked for.

File paths are, or can be, case sensitive on many systems but not all, and this can even vary between file systems on the same host, so two paths that differ only in case may well name different files.

The comparison also did not include the 'issuer cert', which a transfer can set (CURLOPT_ISSUERCERT) to qualify how the server certificate is verified, so a transfer that required a specific issuer could be handed a pooled connection that was never checked against it.
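As an added illustration (not code from curl or from this advisory), the following C model shows the two defects side by side: a flawed matcher that compares paths case insensitively and ignores the issuer cert, next to a hardened matcher that compares every path byte for byte and includes the issuer cert in the decision. The struct, both matching functions, the helper names and the sample paths are hypothetical simplifications written for this page; curl's real check is Curl_ssl_config_matches in lib/vtls/vtls.c.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the TLS-related fields a connection pool consults
 * when deciding whether a pooled connection may serve a new transfer.
 * Field names echo curl's ssl_primary_config, but this struct and both
 * matchers below are simplifications for this page, not curl's code. */
struct ssl_cfg {
  bool verifypeer;
  bool verifyhost;
  const char *CAfile;      /* path of the CA bundle */
  const char *CApath;      /* path of the CA directory */
  const char *clientcert;  /* path of the client certificate */
  const char *issuercert;  /* path of the issuer cert (CURLOPT_ISSUERCERT) */
};

/* Case-insensitive comparison; two NULLs compare equal, NULL vs string not. */
static bool casecmp_eq(const char *a, const char *b) {
  if(!a || !b)
    return a == b;
  for(; *a && *b; a++, b++)
    if(tolower((unsigned char)*a) != tolower((unsigned char)*b))
      return false;
  return *a == *b;
}

/* Case-sensitive byte-for-byte comparison with the same NULL rules. */
static bool safecmp_eq(const char *a, const char *b) {
  if(!a || !b)
    return a == b;
  return strcmp(a, b) == 0;
}

/* Flawed check, modelling the behaviour CVE-2021-22924 describes:
 * paths are compared case insensitively and issuercert is never consulted. */
bool vulnerable_config_matches(const struct ssl_cfg *a, const struct ssl_cfg *b) {
  return a->verifypeer == b->verifypeer &&
         a->verifyhost == b->verifyhost &&
         casecmp_eq(a->CAfile, b->CAfile) &&
         casecmp_eq(a->CApath, b->CApath) &&
         casecmp_eq(a->clientcert, b->clientcert);
}

/* Hardened check: every path is compared exactly and the issuer cert
 * takes part in the decision. */
bool fixed_config_matches(const struct ssl_cfg *a, const struct ssl_cfg *b) {
  return a->verifypeer == b->verifypeer &&
         a->verifyhost == b->verifyhost &&
         safecmp_eq(a->CAfile, b->CAfile) &&
         safecmp_eq(a->CApath, b->CApath) &&
         safecmp_eq(a->clientcert, b->clientcert) &&
         safecmp_eq(a->issuercert, b->issuercert);
}

/* Returns 1 when the flawed matcher would reuse the pooled connection for
 * the new transfer although the hardened matcher refuses, i.e. the wrong
 * reuse the advisory describes; 0 otherwise. */
int demonstrates_wrong_reuse(const struct ssl_cfg *pooled, const struct ssl_cfg *fresh) {
  return vulnerable_config_matches(pooled, fresh) && !fixed_config_matches(pooled, fresh);
}

int main(void) {
  /* Constructed sample configurations. On a case-sensitive file system the
   * two CA bundle paths below are different files. */
  struct ssl_cfg pooled      = { true, true, "/etc/ssl/CA.pem", NULL, NULL, NULL };
  struct ssl_cfg case_diff   = { true, true, "/etc/ssl/ca.pem", NULL, NULL, NULL };
  /* Same paths as the pooled connection, but this transfer pins an issuer. */
  struct ssl_cfg issuer_diff = { true, true, "/etc/ssl/CA.pem", NULL, NULL, "/etc/ssl/issuer.pem" };

  printf("CA bundle path differs only in case: wrong reuse = %d\n",
         demonstrates_wrong_reuse(&pooled, &case_diff));
  printf("transfer sets an issuer cert:        wrong reuse = %d\n",
         demonstrates_wrong_reuse(&pooled, &issuer_diff));
  return 0;
}
```

The first case is the path problem: on a case-sensitive file system /etc/ssl/CA.pem and /etc/ssl/ca.pem are distinct files, yet the flawed matcher treats the configurations as identical. The second is the issuer-cert problem: a transfer that pinned an issuer is handed a connection that was never verified against it. Applications that push transfers with differing TLS options through one libcurl handle or share are the ones exposed; libcurl 7.78.0 corrects the matching.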

Database specific
{
    "issue": "https://hackerone.com/reports/1223565",
    "URL": "https://curl.se/docs/CVE-2021-22924.json",
    "last_affected": "7.77.0",
    "affects": "both",
    "award": {
        "currency": "USD",
        "amount": "1200"
    },
    "CWE": {
        "desc": "Improper Certificate Validation",
        "id": "CWE-295"
    },
    "severity": "Medium",
    "package": "curl",
    "www": "https://curl.se/docs/CVE-2021-22924.html"
}
References
Credits
    • Harry Sintonen - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.10.4
Fixed
7.78.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

7.*

7.10.4
7.10.5
7.10.6
7.10.7
7.10.8
7.11.0
7.11.1
7.11.2
7.12.0
7.12.1
7.12.2
7.12.3
7.13.0
7.13.1
7.13.2
7.14.0
7.14.1
7.15.0
7.15.1
7.15.2
7.15.3
7.15.4
7.15.5
7.16.0
7.16.1
7.16.2
7.16.3
7.16.4
7.17.0
7.17.1
7.18.0
7.18.1
7.18.2
7.19.0
7.19.1
7.19.2
7.19.3
7.19.4
7.19.5
7.19.6
7.19.7
7.20.0
7.20.1
7.21.0
7.21.1
7.21.2
7.21.3
7.21.4
7.21.5
7.21.6
7.21.7
7.22.0
7.23.0
7.23.1
7.24.0
7.25.0
7.26.0
7.27.0
7.28.0
7.28.1
7.29.0
7.30.0
7.31.0
7.32.0
7.33.0
7.34.0
7.35.0
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.40.0
7.41.0
7.42.0
7.42.1
7.43.0
7.44.0
7.45.0
7.46.0
7.47.0
7.47.1
7.48.0
7.49.0
7.49.1
7.50.0
7.50.1
7.50.2
7.50.3
7.51.0
7.52.0
7.52.1
7.53.0
7.53.1
7.54.0
7.54.1
7.55.0
7.55.1
7.56.0
7.56.1
7.57.0
7.58.0
7.59.0
7.60.0
7.61.0
7.61.1
7.62.0
7.63.0
7.64.0
7.64.1
7.65.0
7.65.1
7.65.2
7.65.3
7.66.0
7.67.0
7.68.0
7.69.0
7.69.1
7.70.0
7.71.0
7.71.1
7.72.0
7.73.0
7.74.0
7.75.0
7.76.0
7.76.1
7.77.0

Database specific

{
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "target": {
                "file": "lib/vtls/vtls.c",
                "function": "Curl_ssl_config_matches"
            },
            "signature_version": "v1",
            "digest": {
                "length": 959.0,
                "function_hash": "160738917255142178955719735977220262662"
            },
            "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
            "deprecated": false,
            "id": "CURL-CVE-2021-22924-000012e9"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "lib/vtls/vtls.c",
                "function": "Curl_clone_primary_ssl_config"
            },
            "signature_version": "v1",
            "digest": {
                "length": 607.0,
                "function_hash": "242173141107224124593678877270860419379"
            },
            "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
            "deprecated": false,
            "id": "CURL-CVE-2021-22924-3090f164"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "lib/vtls/gtls.c"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "92808530411196095553505616157115942300",
                    "45908650368393808521057200267284180006",
                    "65749180650725409552700972312456308709",
                    "279012087684869453557416819277899115117",
                    "103860506802024578069238006428027510678",
                    "71080160458351588707589298016896833413",
                    "8573403993379032944205432985058103251",
                    "290296481367090699367906201443546441822",
                    "164156621551702113882480748469909602192",
                    "37439760373268398819219735979266640793",
                    "264559488954933425065606112307380306297",
                    "147768301069492776064288891387278737600",
                    "24189586831723203088695513291558074805",
                    "101764922127543190502463200563219920239",
                    "195374512285048170792986521670755682324",
                    "4653310523144342939875486544856805823",
                    "153496304968905480299042061006678310230",
                    "25698682391873307635810879422215793501",
                    "19364255763905544985647682997849314189",
                    "201295286300248511913340915835683442594",
                    "241785596331168220846828305650148360325",
                    "9760484766662901931555145842670872098"
                ]
            },
            "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
            "deprecated": false,
            "id": "CURL-CVE-2021-22924-462e4343"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "lib/url.c"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "293346117710277402906988127379890480911",
                    "318951684812481869243577089894720244646",
                    "18170087799223666007426473235044785551",
                    "266187893201071675177604364123925103853",
                    "171260927682318293961594133787203067126",
                    "328809578005112650065821281926250553108",
                    "225365005245117342631172596991759472217",
                    "153111872541287374148010254532861402235",
                    "84844479104922469123145650136873381337",
                    "2839830162856843112537799467360632339",
                    "93781514207428267086035567221395752890",
                    "46550453571787906225150361732149447396",
                    "112115463682973560938950716028849298333",
                    "234419127224589967834346841740175619327",
                    "182311796693765693336368824111205311935",
                    "286586140641224583010268132967431241219",
                    "4549786900216407333280300744289060178",
                    "235038765624297746982724450876579261780",
                    "229353987035307832145937329149868806857"
                ]
            },
            "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
            "deprecated": false,
            "id": "CURL-CVE-2021-22924-5ffc7054"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "lib/url.c",
                "function": "create_conn"
            },
            "signature_version": "v1",
            "digest": {
                "length": 10376.0,
                "function_hash": "248677399743325539643140681582998464273"
            },
            "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
            "deprecated": false,
            "id": "CURL-CVE-2021-22924-65c5d3c9"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "lib/vtls/openssl.c"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "15757231600732059158571126738210615864",
                    "117297194168511139335890601047691353274",
                    "138162738216625249823585872246671233443",
                    "147188775421521834898568518394550291605",
                    "89737260241347709804384695839942085590",
                    "318509396129690063523857738033106073097",
                    "264506098599363399822308635250389899908",
                    "274912860633912436608852698371101886353",
                    "226691280622271496660979682611784869483",
                    "175500027849282046470475612004391296625",
                    "134520456038036498335310997176798181588",
                    "205513155513630399959947656952210446268",
                    "204905006960169871119557553463088111225",
                    "175021463767232054193704746405311102677",
                    "23693625037367047861775064605680333386",
                    "191429445508757613753957535825142679963",
                    "302591730111736563819300950364465242614",
                    "97438422859912533387679836331737701037",
                    "330330332109499592883786629861615514265",
                    "290099400450357343265566085917158862950",
                    "120537013791886103479240535362162086080",
                    "97438422859912533387679836331737701037",
                    "237171504862118343897598936381192612659",
                    "251045997626051927972639140287717601528",
                    "269951754765483649621071236782919165257",
                    "339782191851451572074317887953510321708"
                ]
            },
            "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
            "deprecated": false,
            "id": "CURL-CVE-2021-22924-7abb74e2"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "lib/vtls/vtls.c"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "178881535967346012844534644950804721617",
                    "15491625948753420841440374743570172541",
                    "149040547399085134523628283748476493915",
                    "286074142602130352306206274787889650603",
                    "103783743252185635213364904057627986924",
                    "44523985181067970189430356034193698845",
                    "147519152362249048856319206821814615632",
                    "123610764079018646825744040587986639482",
                    "28491497157451483591521087165952964885",
                    "105828568507482087968053650094540196569",
                    "17155300917969481069162815139569642501",
                    "149565981473750260567049695066475562244",
                    "146674854162478022566779611378330929397",
                    "105484363866334435499468113053511255352",
                    "68161695637551885713435561732280354275",
                    "171075501572669003584871720241871200760",
                    "86740406311077208702415908789574493621",
                    "30847945595387687381109931342760330654",
                    "283094443084957324069752826618452617396",
                    "333470389671590736452140016651734855648",
                    "252195360132147883602387796286157002936",
                    "118425473015913311769827279452339033834",
                    "227482610010153162648074697399567504837",
                    "285656102205084817448009996583162641794",
                    "99864908992219397062017706828922638924"
                ]
            },
            "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
            "deprecated": false,
            "id": "CURL-CVE-2021-22924-7fb98150"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "lib/vtls/nss.c"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "253668304373867434131915883306279004843",
                    "6098749495236049606845501337078767604",
                    "113464609033696595307876047359290863092",
                    "161304663542919207107361156362112408225",
                    "157523912409415977762975736989244532732",
                    "37453528659375637919847176861485781957"
                ]
            },
            "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
            "deprecated": false,
            "id": "CURL-CVE-2021-22924-eed09ef4"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "lib/urldata.h"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "277716173613333568270939873035932733905",
                    "243994665543004312243278186090819898326",
                    "333476890002922296191737523957188975406",
                    "108423462039099165372816647138974532328",
                    "301060764247840366787304667459951704429",
                    "143735507196655671240203607573988264066",
                    "106868650378686105475000263083078756885",
                    "204940380738548914723598794478466999600",
                    "251236219414679271158809357203900416385",
                    "18636468102943303674640048193104463704",
                    "194848697343772866306771499694126487788",
                    "201842751165840359112817185535784797224",
                    "175665670781964598315672527609109373936"
                ]
            },
            "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
            "deprecated": false,
            "id": "CURL-CVE-2021-22924-f21819f5"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "lib/vtls/vtls.c",
                "function": "Curl_free_primary_ssl_config"
            },
            "signature_version": "v1",
            "digest": {
                "length": 414.0,
                "function_hash": "287691148767475833575965157359727109255"
            },
            "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
            "deprecated": false,
            "id": "CURL-CVE-2021-22924-fb15ac30"
        }
    ]
}