canonical ubuntu-linux CVE-2021-22946 vulnerability in Canonical and Other Products
Published on September 29, 2021

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line, or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the server returned a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations **without TLS**, contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

References: Vendor Advisory, NVD

Weakness Type: Missing Cryptographic Step

The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.



Exploit Probability

EPSS: 0.07% (percentile: 21.51%)

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.