Lucene search

MonneratH1:1334763

HistorySep 09, 2021 - 2:00 p.m.

curl: CVE-2021-22947: STARTTLS protocol injection via MITM

2021-09-0914:00:44

monnerat

hackerone.com

139

0.001 Low

EPSS

Percentile

41.8%

JSON

Summary:

A man-in-the-middle can inject cleartext forged responses to future encrypted commands by pipelining them to the STARTTLS response.

Steps To Reproduce:

Use the attached test case within the curl test system. It is based on IMAP FETCH with explicit TLS. Upon test failure, the downloaded file contains “You’ve been hacked!” rather than the requested mail.

Impact

Mailbox content forgery (IMAP, POP3).
Sent mail content forgery (SMTP).

redhatcve

CVE-2021-22947

2021-09-15 07:22:02

cbl_mariner

CVE-2021-22947 affecting package curl 7.76.0-9

2021-10-05 03:00:51

CVE-2021-22947 affecting package curl for versions less than 7.82.0-1

2022-04-09 06:51:45

ubuntucve

CVE-2021-22947

2021-09-15 00:00:00

mscve

Open Source Curl Remote Code Execution Vulnerability

2022-01-11 08:00:00

ibm

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22947)

2022-04-22 20:00:33

Security Bulletin: IBM MQ is vulnerable to multiple issues with libcurl (CVE-2021-22946, CVE-2021-22947)

2021-12-17 13:33:37

Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-27782, CVE-2022-27774, CVE-2021-22947, CVE-2022-22576, CVE-2022-27776, CVE-2021-22946)

2022-09-17 02:05:46

alpinelinux

CVE-2021-22947

2021-09-29 20:15:08

prion

Code injection

2021-09-29 20:15:00

nvd

CVE-2021-22947

2021-09-29 20:15:08

cve

CVE-2021-22947

2021-09-29 20:15:08

osv

CVE-2021-22947

2021-09-29 20:15:08

curl - security update

2021-09-30 00:00:00

curl vulnerabilities

2021-09-15 12:34:55

veracode

Man-In-The-Middle Attack (MitM)

2021-09-17 21:34:37

cvelist

CVE-2021-22947

2021-09-29 00:00:00

debiancve

CVE-2021-22947

2021-09-29 20:15:08

nessus

Ubuntu 16.04 ESM : curl vulnerabilities (USN-5079-2)

2021-09-15 00:00:00

SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2021:3298-1)

2021-10-07 00:00:00

AlmaLinux 8 : curl (ALSA-2021:4059)

2022-02-09 00:00:00

ubuntu

curl regression

2021-09-21 00:00:00

curl vulnerabilities

2021-09-15 00:00:00

curl vulnerabilities

2021-09-21 00:00:00

almalinux

Moderate: curl security update

2021-11-02 07:49:01

redhat

(RHSA-2022:0635) Moderate: curl security update

2022-02-22 14:34:54

(RHSA-2021:4059) Moderate: curl security update

2021-11-02 07:49:01

(RHSA-2022:1354) Moderate: rh-dotnet31-curl security update

2022-04-13 13:42:42

openvas

SUSE: Security Advisory (SUSE-SU-2021:3332-1)

2021-10-12 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1221)

2022-02-26 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1370)

2022-04-13 00:00:00

suse

Security update for curl (moderate)

2021-10-06 00:00:00

Security update for curl (moderate)

2021-10-18 00:00:00

rocky

curl security update

2021-11-02 07:49:01

debian

[SECURITY] [DLA 2773-1] curl security update

2021-09-30 21:58:49

[SECURITY] [DLA 3085-1] curl security update

2022-08-28 23:00:51

[SECURITY] [DSA 5197-1] curl security update

2022-08-01 16:58:44

amazon

Medium: curl

2021-11-10 22:13:00

Medium: curl

2021-12-08 02:22:00

oraclelinux

curl security update

2021-11-02 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0392

2021-09-17 00:00:00

Moderate Photon OS Security Update - PHSA-2021-0102

2021-09-17 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0434

2021-09-17 00:00:00

mageia

Updated curl packages fix security vulnerability

2021-09-23 07:49:29

cloudfoundry

USN-5079-1: curl vulnerabilities | Cloud Foundry

2021-10-28 00:00:00

freebsd

cURL -- Multiple vulnerabilities

2021-09-15 00:00:00

fedora

[SECURITY] Fedora 35 Update: curl-7.79.1-1.fc35

2021-11-03 01:12:29

[SECURITY] Fedora 34 Update: curl-7.76.1-12.fc34

2021-09-21 15:33:29

[SECURITY] Fedora 33 Update: curl-7.71.1-11.fc33

2021-10-02 01:10:15

slackware

[slackware-security] curl

2021-09-16 03:11:12

krebs

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

2022-01-11 22:18:55

malwarebytes

[updated] You can update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one

2022-01-12 17:02:25

thn

First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability

2022-01-12 06:42:00

hivepro

Microsoft Patch Tuesday fixes critical zero-days along with 97 other flaws

2022-01-12 07:30:07

threatpost

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

2022-01-11 21:54:57

gentoo

curl: Multiple Vulnerabilities

2022-12-19 00:00:00

mskb

January 11, 2022—KB5009566 (OS Build 22000.434)

2022-01-11 08:00:00

January 11, 2022—KB5009545 (OS Build 18363.2037)

2022-01-11 08:00:00

January 11, 2022—KB5009557 (OS Build 17763.2452)

2022-01-11 08:00:00

ics

Siemens SINEC INS

2022-03-10 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

apple

About the security content of macOS Monterey 12.3

2022-03-14 00:00:00

kaspersky

KLA12422 Multiple vulnerabilities in Microsoft Windows

2022-01-11 00:00:00

rapid7blog

Patch Tuesday - January 2022

2022-01-11 21:41:56

oracle

Oracle Critical Patch Update Advisory - October 2022

2022-10-18 00:00:00

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - October 2021

2021-10-19 00:00:00

0.001 Low

EPSS

Percentile

41.8%

JSON