CVE-2021-22924

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-22924
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22924.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-22924
Aliases
Downstream
Related
Published
2021-08-05T21:15:11.380Z
Modified
2026-02-09T04:34:05.724565Z
Severity
  • 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.

References

Affected packages

Git / github.com/mysql/mysql-server

Affected ranges

Type
GIT
Repo
https://github.com/mysql/mysql-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
30077692dc6b4724f08bc5ef2e85c955f8cb305d

Affected versions

mysql-3.*
mysql-3.23.22-beta
mysql-3.23.24-beta
mysql-3.23.27-beta
mysql-3.23.28-gamma
mysql-3.23.29a-gamma
mysql-3.23.30-gamma
mysql-3.23.31
mysql-3.23.32
mysql-3.23.33
mysql-3.23.34
mysql-3.23.35
mysql-3.23.36
mysql-3.23.37
mysql-3.23.38
mysql-3.23.39
mysql-3.23.41
mysql-3.23.42
mysql-3.23.44
mysql-3.23.45
mysql-3.23.46
mysql-3.23.47
mysql-3.23.48
mysql-3.23.50
mysql-3.23.51
mysql-3.23.52
mysql-3.23.53
mysql-3.23.54
mysql-3.23.55
mysql-3.23.56
mysql-3.23.57
mysql-3.23.58
mysql-4.*
mysql-4.0.1
mysql-4.0.10
mysql-4.0.11
mysql-4.0.12
mysql-4.0.13
mysql-4.0.14
mysql-4.0.15
mysql-4.0.16
mysql-4.0.17
mysql-4.0.18
mysql-4.0.19
mysql-4.0.2
mysql-4.0.20
mysql-4.0.21
mysql-4.0.22
mysql-4.0.23
mysql-4.0.24
mysql-4.0.25
mysql-4.0.26
mysql-4.0.3
mysql-4.0.4
mysql-4.0.5
mysql-4.0.6
mysql-4.0.7
mysql-4.0.8
mysql-4.0.9
mysql-4.1.0
mysql-4.1.1
mysql-4.1.10
mysql-4.1.10a
mysql-4.1.10b
mysql-4.1.11
mysql-4.1.12
mysql-4.1.13
mysql-4.1.13a
mysql-4.1.14
mysql-4.1.2
mysql-4.1.3
mysql-4.1.4
mysql-4.1.5
mysql-4.1.6
mysql-4.1.7
mysql-4.1.8
mysql-4.1.9
mysql-5.*
mysql-5.0.0
mysql-5.0.1
mysql-5.0.10
mysql-5.0.10a
mysql-5.0.11
mysql-5.0.12
mysql-5.0.13
mysql-5.0.2
mysql-5.0.2-alpha
mysql-5.0.3
mysql-5.0.4
mysql-5.0.5
mysql-5.0.6
mysql-5.0.7
mysql-5.0.8
mysql-5.0.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22924.json"

Git / github.com/python/cpython

Affected ranges

Type
GIT
Repo
https://github.com/python/cpython
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1da43e5e916949c8e849e656d9d05fa4b9d6836c
Fixed
c94d53db0e54d919ed3d37b85bd8d6e7f5a64a9e

Affected versions

v0.*
v0.9.8
v0.9.9
v1.*
v1.0.1
v1.0.2
v1.1
v1.1.1
v1.2
v1.2b1
v1.2b2
v1.2b3
v1.2b4
v1.3
v1.3b1
v1.4
v1.4b1
v1.4b2
v1.4b3
v1.5
v1.5.1
v1.5.2
v1.5.2a1
v1.5.2a2
v1.5.2b1
v1.5.2b2
v1.5.2c1
v1.5a1
v1.5a2
v1.5a3
v1.5a4
v1.5b1
v1.5b2
v1.6a1
v1.6a2
v2.*
v2.0
v2.0b1
v2.0b2
v2.0c1
v2.1
v2.1a1
v2.1a2
v2.1b1
v2.1b2
v2.1c1
v2.1c2
v2.2a3
v2.3c1
v2.3c2
v2.4
v2.4a1
v2.4a2
v2.4a3
v2.4b1
v2.4b2
v2.4c1
v3.*
v3.0a1
v3.0a2
v3.0a3
v3.0a4
v3.0a5
v3.0b1
v3.0b2
v3.0b3
v3.0rc1
v3.0rc2
v3.0rc3
v3.1a1
v3.1a2
v3.1b1
v3.1rc1
v3.1rc2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22924.json"