UBUNTU-CVE-2021-22946

Source
https://ubuntu.com/security/notices/UBUNTU-CVE-2021-22946
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-22946.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-22946
Published
2021-09-15T00:00:00Z
Modified
2021-09-15T00:00:00Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (--ssl-reqd on the command line or CURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL with libcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations without TLS contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

Affected packages

Ubuntu:Pro:14.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl@7.35.0-1ubuntu2.20+esm8?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.35.0-1ubuntu2.20+esm8

Affected versions

7.*

7.32.0-1ubuntu1
7.33.0-1ubuntu1
7.34.0-1ubuntu1
7.35.0-1ubuntu1
7.35.0-1ubuntu2
7.35.0-1ubuntu2.1
7.35.0-1ubuntu2.2
7.35.0-1ubuntu2.3
7.35.0-1ubuntu2.5
7.35.0-1ubuntu2.6
7.35.0-1ubuntu2.7
7.35.0-1ubuntu2.8
7.35.0-1ubuntu2.9
7.35.0-1ubuntu2.10
7.35.0-1ubuntu2.11
7.35.0-1ubuntu2.12
7.35.0-1ubuntu2.13
7.35.0-1ubuntu2.14
7.35.0-1ubuntu2.15
7.35.0-1ubuntu2.16
7.35.0-1ubuntu2.17
7.35.0-1ubuntu2.19
7.35.0-1ubuntu2.20
7.35.0-1ubuntu2.20+esm3
7.35.0-1ubuntu2.20+esm4
7.35.0-1ubuntu2.20+esm5
7.35.0-1ubuntu2.20+esm6
7.35.0-1ubuntu2.20+esm7

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "curl-udeb": "7.35.0-1ubuntu2.20+esm8",
            "libcurl3": "7.35.0-1ubuntu2.20+esm8",
            "libcurl4-gnutls-dev": "7.35.0-1ubuntu2.20+esm8",
            "libcurl3-dbgsym": "7.35.0-1ubuntu2.20+esm8",
            "libcurl3-nss": "7.35.0-1ubuntu2.20+esm8",
            "libcurl4-doc": "7.35.0-1ubuntu2.20+esm8",
            "libcurl3-udeb-dbgsym": "7.35.0-1ubuntu2.20+esm8",
            "libcurl3-gnutls-dbgsym": "7.35.0-1ubuntu2.20+esm8",
            "libcurl4-openssl-dev": "7.35.0-1ubuntu2.20+esm8",
            "libcurl4-openssl-dev-dbgsym": "7.35.0-1ubuntu2.20+esm8",
            "curl-dbgsym": "7.35.0-1ubuntu2.20+esm8",
            "curl": "7.35.0-1ubuntu2.20+esm8",
            "libcurl3-udeb": "7.35.0-1ubuntu2.20+esm8",
            "curl-udeb-dbgsym": "7.35.0-1ubuntu2.20+esm8",
            "libcurl4-nss-dev-dbgsym": "7.35.0-1ubuntu2.20+esm8",
            "libcurl3-gnutls": "7.35.0-1ubuntu2.20+esm8",
            "libcurl4-gnutls-dev-dbgsym": "7.35.0-1ubuntu2.20+esm8",
            "libcurl3-nss-dbgsym": "7.35.0-1ubuntu2.20+esm8",
            "libcurl3-dbg": "7.35.0-1ubuntu2.20+esm8",
            "libcurl4-nss-dev": "7.35.0-1ubuntu2.20+esm8"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl@7.47.0-1ubuntu2.19+esm1?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.47.0-1ubuntu2.19+esm1

Affected versions

7.*

7.43.0-1ubuntu2
7.45.0-1ubuntu1
7.46.0-1ubuntu1
7.47.0-1ubuntu1
7.47.0-1ubuntu2
7.47.0-1ubuntu2.1
7.47.0-1ubuntu2.2
7.47.0-1ubuntu2.3
7.47.0-1ubuntu2.4
7.47.0-1ubuntu2.5
7.47.0-1ubuntu2.6
7.47.0-1ubuntu2.7
7.47.0-1ubuntu2.8
7.47.0-1ubuntu2.9
7.47.0-1ubuntu2.11
7.47.0-1ubuntu2.12
7.47.0-1ubuntu2.13
7.47.0-1ubuntu2.14
7.47.0-1ubuntu2.15
7.47.0-1ubuntu2.16
7.47.0-1ubuntu2.18
7.47.0-1ubuntu2.19

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libcurl3": "7.47.0-1ubuntu2.19+esm1",
            "libcurl4-gnutls-dev": "7.47.0-1ubuntu2.19+esm1",
            "libcurl3-dbgsym": "7.47.0-1ubuntu2.19+esm1",
            "libcurl3-nss": "7.47.0-1ubuntu2.19+esm1",
            "libcurl4-doc": "7.47.0-1ubuntu2.19+esm1",
            "libcurl3-gnutls-dbgsym": "7.47.0-1ubuntu2.19+esm1",
            "libcurl4-openssl-dev": "7.47.0-1ubuntu2.19+esm1",
            "libcurl4-openssl-dev-dbgsym": "7.47.0-1ubuntu2.19+esm1",
            "curl-dbgsym": "7.47.0-1ubuntu2.19+esm1",
            "curl": "7.47.0-1ubuntu2.19+esm1",
            "libcurl4-nss-dev-dbgsym": "7.47.0-1ubuntu2.19+esm1",
            "libcurl3-gnutls": "7.47.0-1ubuntu2.19+esm1",
            "libcurl4-gnutls-dev-dbgsym": "7.47.0-1ubuntu2.19+esm1",
            "libcurl3-nss-dbgsym": "7.47.0-1ubuntu2.19+esm1",
            "libcurl3-dbg": "7.47.0-1ubuntu2.19+esm1",
            "libcurl4-nss-dev": "7.47.0-1ubuntu2.19+esm1"
        }
    ]
}

Ubuntu:18.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl@7.58.0-2ubuntu3.15?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.58.0-2ubuntu3.15

Affected versions

7.*

7.55.1-1ubuntu2
7.55.1-1ubuntu2.1
7.57.0-1ubuntu1
7.58.0-2ubuntu1
7.58.0-2ubuntu2
7.58.0-2ubuntu3
7.58.0-2ubuntu3.1
7.58.0-2ubuntu3.2
7.58.0-2ubuntu3.3
7.58.0-2ubuntu3.5
7.58.0-2ubuntu3.6
7.58.0-2ubuntu3.7
7.58.0-2ubuntu3.8
7.58.0-2ubuntu3.9
7.58.0-2ubuntu3.10
7.58.0-2ubuntu3.12
7.58.0-2ubuntu3.13
7.58.0-2ubuntu3.14

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "curl-dbgsym": "7.58.0-2ubuntu3.15",
            "curl": "7.58.0-2ubuntu3.15",
            "libcurl4": "7.58.0-2ubuntu3.15",
            "libcurl4-gnutls-dev": "7.58.0-2ubuntu3.15",
            "libcurl4-dbgsym": "7.58.0-2ubuntu3.15",
            "libcurl3-nss": "7.58.0-2ubuntu3.15",
            "libcurl4-doc": "7.58.0-2ubuntu3.15",
            "libcurl3-nss-dbgsym": "7.58.0-2ubuntu3.15",
            "libcurl3-gnutls": "7.58.0-2ubuntu3.15",
            "libcurl3-gnutls-dbgsym": "7.58.0-2ubuntu3.15",
            "libcurl4-openssl-dev": "7.58.0-2ubuntu3.15",
            "libcurl4-nss-dev": "7.58.0-2ubuntu3.15"
        }
    ]
}

Ubuntu:20.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl@7.68.0-1ubuntu2.7?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.68.0-1ubuntu2.7

Affected versions

7.*

7.65.3-1ubuntu3
7.65.3-1ubuntu4
7.66.0-1ubuntu1
7.67.0-2ubuntu1
7.68.0-1ubuntu1
7.68.0-1ubuntu2
7.68.0-1ubuntu2.1
7.68.0-1ubuntu2.2
7.68.0-1ubuntu2.4
7.68.0-1ubuntu2.5
7.68.0-1ubuntu2.6

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "curl-dbgsym": "7.68.0-1ubuntu2.7",
            "curl": "7.68.0-1ubuntu2.7",
            "libcurl4": "7.68.0-1ubuntu2.7",
            "libcurl4-gnutls-dev": "7.68.0-1ubuntu2.7",
            "libcurl4-dbgsym": "7.68.0-1ubuntu2.7",
            "libcurl3-nss": "7.68.0-1ubuntu2.7",
            "libcurl4-doc": "7.68.0-1ubuntu2.7",
            "libcurl3-nss-dbgsym": "7.68.0-1ubuntu2.7",
            "libcurl3-gnutls": "7.68.0-1ubuntu2.7",
            "libcurl3-gnutls-dbgsym": "7.68.0-1ubuntu2.7",
            "libcurl4-openssl-dev": "7.68.0-1ubuntu2.7",
            "libcurl4-nss-dev": "7.68.0-1ubuntu2.7"
        }
    ]
}

Ubuntu:22.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl@7.74.0-1.3ubuntu2?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.74.0-1.3ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "curl-dbgsym": "7.74.0-1.3ubuntu2",
            "curl": "7.74.0-1.3ubuntu2",
            "libcurl4": "7.74.0-1.3ubuntu2",
            "libcurl4-gnutls-dev": "7.74.0-1.3ubuntu2",
            "libcurl4-dbgsym": "7.74.0-1.3ubuntu2",
            "libcurl3-nss": "7.74.0-1.3ubuntu2",
            "libcurl4-doc": "7.74.0-1.3ubuntu2",
            "libcurl3-nss-dbgsym": "7.74.0-1.3ubuntu2",
            "libcurl3-gnutls": "7.74.0-1.3ubuntu2",
            "libcurl3-gnutls-dbgsym": "7.74.0-1.3ubuntu2",
            "libcurl4-openssl-dev": "7.74.0-1.3ubuntu2",
            "libcurl4-nss-dev": "7.74.0-1.3ubuntu2"
        }
    ]
}