Lucene search

[email protected]CVE-2021-22922

HistoryAug 05, 2021 - 9:15 p.m.

CVE-2021-22922

2021-08-0521:15:11

CWE-755

CWE-840

[email protected]

web.nvd.nist.gov

252

cve-2021-22922

curl

metalink

hash mismatch

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.1%

JSON

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.

Affected configurations

NVD

Node

haxxcurlRange7.27.0–7.78.0

Node

fedoraprojectfedoraMatch33

Node

netappcloud_backupMatch-

netappclustered_data_ontapMatch-

netapphci_management_nodeMatch-

netappsolidfireMatch-

Node

oraclemysql_serverRange5.7.0–5.7.35

oraclemysql_serverRange8.0.0–8.0.26

Node

siemenssinec_infrastructure_network_servicesRange<1.0.1.1

Node

netapph300s_firmwareMatch-

AND

netapph300sMatch-

Node

netapph500s_firmwareMatch-

AND

netapph500sMatch-

Node

netapph700s_firmwareMatch-

AND

netapph700sMatch-

Node

netapph300e_firmwareMatch-

AND

netapph300eMatch-

Node

netapph500e_firmwareMatch-

AND

netapph500eMatch-

Node

netapph700e_firmwareMatch-

AND

netapph700eMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

splunkuniversal_forwarderRange8.2.0–8.2.12

splunkuniversal_forwarderRange9.0.0–9.0.6

splunkuniversal_forwarderMatch9.1.0

CPENameOperatorVersion
haxx:curlhaxx curllt7.78.0

CPE	Name	Operator	Version
haxx:curl	haxx curl	lt	7.78.0

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "https://github.com/curl/curl",
    "versions": [
      {
        "version": "curl 7.27.0  to and including 7.77.0",
        "status": "affected"
      }
    ]
  }
]