CVE-2021-22926

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the CURLOPT_SSLCERT option (--cert with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like /tmp), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.

References

Affected packages

Alpine:v3.11 / curl

Package

Name: curl
Purl: pkg:apk/alpine/curl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.67.0-r5

Affected versions

7.*

7.19.2-r0

7.19.2-r1

7.19.4-r0

7.19.5-r0

7.19.6-r0

7.19.7-r0

7.19.7-r1

7.20.1-r0

7.20.1-r1

7.21.0-r0

7.21.1-r0

7.21.2-r0

7.21.3-r0

7.21.3-r1

7.21.4-r0

7.21.4-r1

7.21.5-r0

7.21.5-r1

7.21.6-r0

7.21.7-r0

7.21.7-r1

7.21.7-r2

7.22.0-r0

7.23.1-r0

7.24.0-r0

7.25.0-r0

7.26.0-r0

7.27.0-r0

7.27.0-r1

7.28.0-r0

7.28.1-r0

7.29.0-r0

7.30.0-r0

7.31.0-r0

7.32.0-r0

7.33.0-r0

7.33.0-r1

7.34.0-r0

7.34.0-r1

7.35.0-r0

7.36.0-r0

7.37.0-r0

7.37.1-r0

7.38.0-r0

7.39.0-r0

7.40.0-r0

7.41.0-r0

7.42.0-r0

7.42.1-r0

7.42.1-r1

7.43.0-r0

7.44.0-r0

7.45.0-r0

7.45.0-r1

7.46.0-r0

7.46.0-r1

7.46.0-r2

7.47.0-r0

7.47.1-r0

7.48.0-r0

7.49.0-r0

7.49.1-r0

7.50.0-r0

7.50.1-r0

7.50.2-r0

7.50.3-r0

7.50.3-r1

7.51.0-r0

7.51.0-r1

7.52.0-r0

7.52.1-r0

7.52.1-r1

7.53.0-r0

7.53.1-r0

7.53.1-r1

7.53.1-r2

7.53.1-r3

7.54.0-r0

7.54.1-r0

7.55.0-r0

7.55.1-r0

7.56.0-r0

7.56.1-r0

7.56.1-r1

7.57.0-r0

7.58.0-r0

7.58.0-r1

7.58.0-r2

7.59.0-r0

7.59.0-r1

7.60.0-r0

7.60.0-r1

7.61.0-r0

7.61.1-r0

7.62.0-r0

7.62.0-r1

7.62.0-r2

7.63.0-r0

7.64.0-r0

7.64.0-r1

7.64.1-r0

7.64.1-r1

7.64.1-r2

7.64.1-r3

7.65.0-r0

7.65.1-r0

7.65.3-r0

7.66.0-r0

7.67.0-r0

7.67.0-r1

7.67.0-r2

7.67.0-r3

7.67.0-r4

Git / github.com/curl/curl

Affected ranges

Type: GIT
Repo: https://github.com/curl/curl
Events: Introduced

f77e89c5d20db09eaebf378ec036a7e796932810

Fixed

bfbde883af33397943df68a3ae01847a634d33bf

Affected versions

Other

curl-7_33_0

curl-7_34_0

curl-7_35_0

curl-7_36_0

curl-7_37_0

curl-7_37_1

curl-7_38_0

curl-7_39_0

curl-7_40_0

curl-7_41_0

curl-7_42_0

curl-7_43_0

curl-7_44_0

curl-7_45_0

curl-7_46_0

curl-7_47_0

curl-7_47_1

curl-7_48_0

curl-7_49_0

curl-7_49_1

curl-7_50_0

curl-7_50_1

curl-7_50_2

curl-7_50_3

curl-7_51_0

curl-7_52_0

curl-7_52_1

curl-7_53_0

curl-7_53_1

curl-7_54_0

curl-7_54_1

curl-7_55_0

curl-7_55_1

curl-7_56_0

curl-7_56_1

curl-7_57_0

curl-7_58_0

curl-7_59_0

curl-7_60_0

curl-7_61_0

curl-7_61_1

curl-7_62_0

curl-7_63_0

curl-7_64_0

curl-7_64_1

curl-7_65_0

curl-7_65_1

curl-7_65_2

curl-7_65_3

curl-7_66_0

curl-7_67_0

curl-7_68_0

curl-7_69_0

curl-7_69_1

curl-7_70_0

curl-7_71_0

curl-7_71_1

curl-7_72_0

curl-7_73_0

curl-7_74_0

curl-7_75_0

curl-7_76_0

curl-7_76_1

curl-7_77_0