Vulnerability Name:

CVE-2021-22897 (CCN-203609)

Assigned: 2021-05-26
Published: 2021-05-26
Updated: 2022-08-30
Summary: curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
CVSS v3 Severity: 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.2 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-668
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2021-22897

Source: CONFIRM
Type: Patch, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Source: CCN
Type: Project curl Security Advisory, May 26th 2021
schannel cipher selection surprise

Source: MISC
Type: Patch, Vendor Advisory
https://curl.se/docs/CVE-2021-22897.html

Source: XF
Type: UNKNOWN
curl-cve202122897-info-disc(203609)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory
https://hackerone.com/reports/1172857

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210727-0007/

Source: CCN
Type: IBM Security Bulletin 6479935 (MaaS360)
A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (V2.103.000.051) and Modules

Source: CCN
Type: IBM Security Bulletin 6510176 (PowerSC)
Multiple vulnerabilities in Curl affect PowerSC

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Vulnerable Configuration:

  • Configuration 1:
  • cpe:/a:haxx:curl:*:*:*:*:*:*:*:* (Version >= 7.61.0 and <= 7.76.1)

  • Configuration 2:
  • cpe:/a:oracle:mysql_server:*:*:*:*:*:*:*:* (Version >= 8.0.0 and <= 8.0.25)
  • OR cpe:/a:oracle:essbase:*:*:*:*:*:*:*:* (Version >= 21.0 and < 21.3)
  • OR cpe:/a:oracle:essbase:*:*:*:*:*:*:*:* (Version < 11.1.2.4.047)
  • OR cpe:/a:oracle:mysql_server:*:*:*:*:*:*:*:* (Version <= 5.7.34)
  • OR cpe:/a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:solidfire_&_hci_management_node:-:*:*:*:*:*:*:*
  • OR cpe:/o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:solidfire,_enterprise_sds_&_hci_storage_node:-:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netapp:h300e:-:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netapp:h300s:-:*:*:*:*:*:*:*

  • Configuration 7:
  • cpe:/o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netapp:h410s:-:*:*:*:*:*:*:*

  • Configuration 8:
  • cpe:/o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netapp:h500e:-:*:*:*:*:*:*:*

  • Configuration 9:
  • cpe:/o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netapp:h500s:-:*:*:*:*:*:*:*

  • Configuration 10:
  • cpe:/o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netapp:h700e:-:*:*:*:*:*:*:*

  • Configuration 11:
  • cpe:/o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netapp:h700s:-:*:*:*:*:*:*:*

  • Configuration 12:
  • cpe:/a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* (Version < 1.0.1.1)

  • Configuration CCN 1:
  • cpe:/a:curl:libcurl:7.61.0:*:*:*:*:*:*:*
  • OR cpe:/a:curl:libcurl:7.62.0:*:*:*:*:*:*:*
  • OR cpe:/a:curl:libcurl:7.63.0:*:*:*:*:*:*:*
  • OR cpe:/a:curl:libcurl:7.65.0:*:*:*:*:*:*:*
  • OR cpe:/a:curl:libcurl:7.64.0:*:*:*:*:*:*:*
  • OR cpe:/a:curl:libcurl:7.65.3:*:*:*:*:*:*:*
  • OR cpe:/a:curl:libcurl:7.67.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    haxx curl *
    oracle mysql server *
    oracle essbase *
    oracle essbase *
    oracle mysql server *
    oracle communications cloud native core network slice selection function 1.8.0
    oracle communications cloud native core network repository function 1.15.0
    oracle communications cloud native core network function cloud native environment 1.10.0
    oracle communications cloud native core service communication proxy 1.15.0
    oracle communications cloud native core network repository function 1.15.1
    oracle communications cloud native core binding support function 1.11.0
    netapp cloud backup -
    netapp solidfire & hci management node -
    netapp solidfire baseboard management controller firmware -
    netapp solidfire, enterprise sds & hci storage node -
    netapp hci compute node firmware -
    netapp hci compute node -
    netapp h300e firmware -
    netapp h300e -
    netapp h300s firmware -
    netapp h300s -
    netapp h410s firmware -
    netapp h410s -
    netapp h500e firmware -
    netapp h500e -
    netapp h500s firmware -
    netapp h500s -
    netapp h700e firmware -
    netapp h700e -
    netapp h700s firmware -
    netapp h700s -
    siemens sinec infrastructure network services *
    curl libcurl 7.61.0
    curl libcurl 7.62.0
    curl libcurl 7.63.0
    curl libcurl 7.65.0
    curl libcurl 7.64.0
    curl libcurl 7.65.3
    curl libcurl 7.67.0