canonical ubuntu-linux CVE-2021-22947 vulnerability in Canonical and Other Products
Published on September 29, 2021

product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2021-22947 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2021-22947. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
HIGH
Availability Impact:
NONE

Weakness Type

Cryptographic Issues

Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.


Products Associated with CVE-2021-22947

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-22947 are published in these products:

Canonical Ubuntu Linux
 
Haxx Curl
 
Fedora Project Fedora
 
Debian Linux
 
NetApp Clustered Data Ontap
 
Oracle MySQL
 
Oracle Peoplesoft Enterprise Peopletools
 
NetApp Cloud Backup
 
Siemens Sinec Infrastructure Network Services
 
Apple macOS
 
Oracle Communications Cloud Native Core Network Slice Selection Function
 
Oracle Communications Cloud Native Core Network Repository Function
 
Oracle Communications Cloud Native Core Network Function Cloud Native Environment
 
Oracle Communications Cloud Native Core Service Communication Proxy
 
Oracle Communications Cloud Native Core Binding Support Function
 
Oracle Commerce Guided Search
 
Oracle Communications Cloud Native Core Security Edge Protection Proxy
 
Oracle Communications Cloud Native Core Console
 
Splunk Universal Forwarder
 

Exploit Probability

EPSS
0.25%
Percentile
48.55%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.