CURL-CVE-2021-22924

Source
https://curl.se/docs/CVE-2021-22924.html
Import Source
https://curl.se/docs/CURL-CVE-2021-22924.json
JSON Data
https://api.test.osv.dev/v1/vulns/CURL-CVE-2021-22924
Aliases
Published
2021-07-21T08:00:00Z
Modified
2024-06-07T13:53:51Z
Summary
Bad connection reuse due to flawed path name checks
Details

libcurl keeps previously used connections in a connection pool so that subsequent transfers can reuse them, provided the new transfer's setup matches the setup the pooled connection was created with.

Due to errors in that matching logic, the function that compares TLS configurations did not take the 'issuer cert' setting into account, and it compared the file paths in the configuration (such as the CA bundle and CA directory) case insensitively. Both mistakes could lead to libcurl reusing the wrong connection: a transfer could be sent over a TLS connection that had been established and verified under a different certificate verification setup than the one the transfer asked for.

File paths are, or can be, case sensitive on many systems but not all, and this can even vary between file systems on the same machine. Treating two paths that differ only in case as the same path therefore conflates what may be two different files or directories, with different trust anchors.

The comparison also left out the 'issuer cert', which a transfer can set to further qualify how the server certificate must be verified. A connection that was set up without that requirement could be handed to a transfer that demanded it.
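The two matcher defects described above, shown side by side as an added example. This is illustrative code written for this page, not libcurl's own implementation: the `ssl_cfg` struct, the `config_matches_flawed` / `config_matches_fixed` functions and the scenario paths are all assumptions that model the behaviour the advisory describes (case-insensitive path comparison and a missing issuer-cert check) and the obvious hardening (byte-for-byte path comparison with the issuer cert included in the match).

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed, simplified subset of a per-transfer TLS configuration; the real
 * libcurl struct has more fields. Only what the pool matcher compares. */
struct ssl_cfg {
    const char *CApath;      /* directory of trusted CA certificates */
    const char *CAfile;      /* bundle of trusted CA certificates */
    const char *issuercert;  /* required issuer of the server certificate */
    int verifypeer;
    int verifyhost;
};

/* NULL-safe, case-sensitive string equality. */
static int safe_eq(const char *a, const char *b)
{
    if(!a || !b)
        return a == b;
    return strcmp(a, b) == 0;
}

/* NULL-safe, ASCII case-insensitive string equality. */
static int safe_eq_nocase(const char *a, const char *b)
{
    if(!a || !b)
        return a == b;
    for(; *a && *b; a++, b++)
        if(tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Flawed matcher: paths compared case insensitively, issuercert ignored.
 * Non-zero means the pooled connection (have) may serve the transfer (want). */
int config_matches_flawed(const struct ssl_cfg *have, const struct ssl_cfg *want)
{
    return have->verifypeer == want->verifypeer &&
           have->verifyhost == want->verifyhost &&
           safe_eq_nocase(have->CApath, want->CApath) &&
           safe_eq_nocase(have->CAfile, want->CAfile);
}

/* Hardened matcher: paths compared byte for byte, issuercert included. */
int config_matches_fixed(const struct ssl_cfg *have, const struct ssl_cfg *want)
{
    return have->verifypeer == want->verifypeer &&
           have->verifyhost == want->verifyhost &&
           safe_eq(have->CApath, want->CApath) &&
           safe_eq(have->CAfile, want->CAfile) &&
           safe_eq(have->issuercert, want->issuercert);
}

/* Constructed scenarios (paths are made up). Each returns the matcher's
 * verdict: 1 = pooled connection reused, 0 = a fresh connection is made. */

/* Same CA directory spelled with different case: on a case-sensitive file
 * system these are two different directories. */
int scenario_path_case(int use_fixed)
{
    struct ssl_cfg pooled = { "/etc/ssl/certs", NULL, NULL, 1, 1 };
    struct ssl_cfg wanted = { "/etc/SSL/Certs", NULL, NULL, 1, 1 };
    return use_fixed ? config_matches_fixed(&pooled, &wanted)
                     : config_matches_flawed(&pooled, &wanted);
}

/* Identical CA settings, but the new transfer additionally pins an issuer
 * certificate the pooled connection was never checked against. */
int scenario_issuer_added(int use_fixed)
{
    struct ssl_cfg pooled = { NULL, "/etc/ssl/ca-bundle.crt", NULL, 1, 1 };
    struct ssl_cfg wanted = { NULL, "/etc/ssl/ca-bundle.crt",
                              "/etc/ssl/issuer.pem", 1, 1 };
    return use_fixed ? config_matches_fixed(&pooled, &wanted)
                     : config_matches_flawed(&pooled, &wanted);
}

/* Control: a truly identical configuration must still be reusable. */
int scenario_identical(int use_fixed)
{
    struct ssl_cfg pooled = { "/etc/ssl/certs", NULL, "/etc/ssl/issuer.pem", 1, 1 };
    struct ssl_cfg wanted = { "/etc/ssl/certs", NULL, "/etc/ssl/issuer.pem", 1, 1 };
    return use_fixed ? config_matches_fixed(&pooled, &wanted)
                     : config_matches_flawed(&pooled, &wanted);
}

int main(void)
{
    printf("path case differs : flawed=%d fixed=%d\n",
           scenario_path_case(0), scenario_path_case(1));
    printf("issuer cert added : flawed=%d fixed=%d\n",
           scenario_issuer_added(0), scenario_issuer_added(1));
    printf("identical config  : flawed=%d fixed=%d\n",
           scenario_identical(0), scenario_identical(1));
    return 0;
}
```

The first two scenarios are the ones the advisory is about: the flawed matcher hands out the pooled connection in both, so the transfer is served over a connection whose certificate chain was validated against a different trust setup than it requested. The control scenario shows that tightening the comparison does not cost reuse where the configuration really is the same. Note that on a case-insensitive file system the two spellings in `scenario_path_case` would name the same directory, which is exactly why a library that runs everywhere has to compare the configured strings, not guess at file-system semantics.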

Database specific
{
    "package": "curl",
    "last_affected": "7.77.0",
    "CWE": {
        "id": "CWE-295",
        "desc": "Improper Certificate Validation"
    },
    "www": "https://curl.se/docs/CVE-2021-22924.html",
    "URL": "https://curl.se/docs/CVE-2021-22924.json",
    "affects": "both",
    "severity": "Medium",
    "issue": "https://hackerone.com/reports/1223565",
    "award": {
        "currency": "USD",
        "amount": "1200"
    }
}
References
Credits
    • Harry Sintonen - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.10.4
Fixed
7.78.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

7.*

7.10.4
7.10.5
7.10.6
7.10.7
7.10.8
7.11.0
7.11.1
7.11.2
7.12.0
7.12.1
7.12.2
7.12.3
7.13.0
7.13.1
7.13.2
7.14.0
7.14.1
7.15.0
7.15.1
7.15.2
7.15.3
7.15.4
7.15.5
7.16.0
7.16.1
7.16.2
7.16.3
7.16.4
7.17.0
7.17.1
7.18.0
7.18.1
7.18.2
7.19.0
7.19.1
7.19.2
7.19.3
7.19.4
7.19.5
7.19.6
7.19.7
7.20.0
7.20.1
7.21.0
7.21.1
7.21.2
7.21.3
7.21.4
7.21.5
7.21.6
7.21.7
7.22.0
7.23.0
7.23.1
7.24.0
7.25.0
7.26.0
7.27.0
7.28.0
7.28.1
7.29.0
7.30.0
7.31.0
7.32.0
7.33.0
7.34.0
7.35.0
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.40.0
7.41.0
7.42.0
7.42.1
7.43.0
7.44.0
7.45.0
7.46.0
7.47.0
7.47.1
7.48.0
7.49.0
7.49.1
7.50.0
7.50.1
7.50.2
7.50.3
7.51.0
7.52.0
7.52.1
7.53.0
7.53.1
7.54.0
7.54.1
7.55.0
7.55.1
7.56.0
7.56.1
7.57.0
7.58.0
7.59.0
7.60.0
7.61.0
7.61.1
7.62.0
7.63.0
7.64.0
7.64.1
7.65.0
7.65.1
7.65.2
7.65.3
7.66.0
7.67.0
7.68.0
7.69.0
7.69.1
7.70.0
7.71.0
7.71.1
7.72.0
7.73.0
7.74.0
7.75.0
7.76.0
7.76.1
7.77.0

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "target": {
            "function": "Curl_ssl_config_matches",
            "file": "lib/vtls/vtls.c"
        },
        "id": "CURL-CVE-2021-22924-000012e9",
        "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "160738917255142178955719735977220262662",
            "length": 959.0
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "function": "Curl_clone_primary_ssl_config",
            "file": "lib/vtls/vtls.c"
        },
        "id": "CURL-CVE-2021-22924-3090f164",
        "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "242173141107224124593678877270860419379",
            "length": 607.0
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "lib/vtls/gtls.c"
        },
        "id": "CURL-CVE-2021-22924-462e4343",
        "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "92808530411196095553505616157115942300",
                "45908650368393808521057200267284180006",
                "65749180650725409552700972312456308709",
                "279012087684869453557416819277899115117",
                "103860506802024578069238006428027510678",
                "71080160458351588707589298016896833413",
                "8573403993379032944205432985058103251",
                "290296481367090699367906201443546441822",
                "164156621551702113882480748469909602192",
                "37439760373268398819219735979266640793",
                "264559488954933425065606112307380306297",
                "147768301069492776064288891387278737600",
                "24189586831723203088695513291558074805",
                "101764922127543190502463200563219920239",
                "195374512285048170792986521670755682324",
                "4653310523144342939875486544856805823",
                "153496304968905480299042061006678310230",
                "25698682391873307635810879422215793501",
                "19364255763905544985647682997849314189",
                "201295286300248511913340915835683442594",
                "241785596331168220846828305650148360325",
                "9760484766662901931555145842670872098"
            ]
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "lib/url.c"
        },
        "id": "CURL-CVE-2021-22924-5ffc7054",
        "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "293346117710277402906988127379890480911",
                "318951684812481869243577089894720244646",
                "18170087799223666007426473235044785551",
                "266187893201071675177604364123925103853",
                "171260927682318293961594133787203067126",
                "328809578005112650065821281926250553108",
                "225365005245117342631172596991759472217",
                "153111872541287374148010254532861402235",
                "84844479104922469123145650136873381337",
                "2839830162856843112537799467360632339",
                "93781514207428267086035567221395752890",
                "46550453571787906225150361732149447396",
                "112115463682973560938950716028849298333",
                "234419127224589967834346841740175619327",
                "182311796693765693336368824111205311935",
                "286586140641224583010268132967431241219",
                "4549786900216407333280300744289060178",
                "235038765624297746982724450876579261780",
                "229353987035307832145937329149868806857"
            ]
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "function": "create_conn",
            "file": "lib/url.c"
        },
        "id": "CURL-CVE-2021-22924-65c5d3c9",
        "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "248677399743325539643140681582998464273",
            "length": 10376.0
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "lib/vtls/openssl.c"
        },
        "id": "CURL-CVE-2021-22924-7abb74e2",
        "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "15757231600732059158571126738210615864",
                "117297194168511139335890601047691353274",
                "138162738216625249823585872246671233443",
                "147188775421521834898568518394550291605",
                "89737260241347709804384695839942085590",
                "318509396129690063523857738033106073097",
                "264506098599363399822308635250389899908",
                "274912860633912436608852698371101886353",
                "226691280622271496660979682611784869483",
                "175500027849282046470475612004391296625",
                "134520456038036498335310997176798181588",
                "205513155513630399959947656952210446268",
                "204905006960169871119557553463088111225",
                "175021463767232054193704746405311102677",
                "23693625037367047861775064605680333386",
                "191429445508757613753957535825142679963",
                "302591730111736563819300950364465242614",
                "97438422859912533387679836331737701037",
                "330330332109499592883786629861615514265",
                "290099400450357343265566085917158862950",
                "120537013791886103479240535362162086080",
                "97438422859912533387679836331737701037",
                "237171504862118343897598936381192612659",
                "251045997626051927972639140287717601528",
                "269951754765483649621071236782919165257",
                "339782191851451572074317887953510321708"
            ]
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "lib/vtls/vtls.c"
        },
        "id": "CURL-CVE-2021-22924-7fb98150",
        "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "178881535967346012844534644950804721617",
                "15491625948753420841440374743570172541",
                "149040547399085134523628283748476493915",
                "286074142602130352306206274787889650603",
                "103783743252185635213364904057627986924",
                "44523985181067970189430356034193698845",
                "147519152362249048856319206821814615632",
                "123610764079018646825744040587986639482",
                "28491497157451483591521087165952964885",
                "105828568507482087968053650094540196569",
                "17155300917969481069162815139569642501",
                "149565981473750260567049695066475562244",
                "146674854162478022566779611378330929397",
                "105484363866334435499468113053511255352",
                "68161695637551885713435561732280354275",
                "171075501572669003584871720241871200760",
                "86740406311077208702415908789574493621",
                "30847945595387687381109931342760330654",
                "283094443084957324069752826618452617396",
                "333470389671590736452140016651734855648",
                "252195360132147883602387796286157002936",
                "118425473015913311769827279452339033834",
                "227482610010153162648074697399567504837",
                "285656102205084817448009996583162641794",
                "99864908992219397062017706828922638924"
            ]
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "lib/vtls/nss.c"
        },
        "id": "CURL-CVE-2021-22924-eed09ef4",
        "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "253668304373867434131915883306279004843",
                "6098749495236049606845501337078767604",
                "113464609033696595307876047359290863092",
                "161304663542919207107361156362112408225",
                "157523912409415977762975736989244532732",
                "37453528659375637919847176861485781957"
            ]
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "lib/urldata.h"
        },
        "id": "CURL-CVE-2021-22924-f21819f5",
        "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "277716173613333568270939873035932733905",
                "243994665543004312243278186090819898326",
                "333476890002922296191737523957188975406",
                "108423462039099165372816647138974532328",
                "301060764247840366787304667459951704429",
                "143735507196655671240203607573988264066",
                "106868650378686105475000263083078756885",
                "204940380738548914723598794478466999600",
                "251236219414679271158809357203900416385",
                "18636468102943303674640048193104463704",
                "194848697343772866306771499694126487788",
                "201842751165840359112817185535784797224",
                "175665670781964598315672527609109373936"
            ]
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "function": "Curl_free_primary_ssl_config",
            "file": "lib/vtls/vtls.c"
        },
        "id": "CURL-CVE-2021-22924-fb15ac30",
        "source": "https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161",
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "287691148767475833575965157359727109255",
            "length": 414.0
        }
    }
]