Lucene search

[email protected]NVD:CVE-2021-22926

HistoryAug 05, 2021 - 9:15 p.m.

CVE-2021-22926

2021-08-0521:15:11

CWE-840

CWE-295

[email protected]

web.nvd.nist.gov

libcurl

security

vulnerability

client certificate

macos

tls

handshake

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.005

Percentile

76.3%

JSON

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the CURLOPT_SSLCERT option (--cert with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like /tmp), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.

Affected configurations

Nvd

Node

haxxcurlRange7.33.0–7.78.0

Node

netappactive_iq_unified_managerMatch-vmware_vsphere

netappactive_iq_unified_managerMatch-windows

netappclustered_data_ontapMatch-

netapphci_management_nodeMatch-

netapponcommand_insightMatch-

netapponcommand_workflow_automationMatch-

netappsnapcenterMatch-

netappsolidfireMatch-

Node

oraclemysql_serverRange5.7.0–5.7.35

oraclemysql_serverRange8.0.0–8.0.26

oraclepeoplesoft_enterprise_peopletoolsMatch8.57

oraclepeoplesoft_enterprise_peopletoolsMatch8.58

oraclepeoplesoft_enterprise_peopletoolsMatch8.59

Node

siemenssinec_infrastructure_network_servicesRange<1.0.1.1

Node

netapph300s_firmwareMatch-

AND

netapph300sMatch-

Node

netapph300e_firmwareMatch-

AND

netapph300eMatch-

Node

netapph500e_firmwareMatch-

AND

netapph500eMatch-

Node

netapph500s_firmwareMatch-

AND

netapph500sMatch-

Node

netapph700s_firmwareMatch-

AND

netapph700sMatch-

Node

netapph700e_firmwareMatch-

AND

netapph700eMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

splunkuniversal_forwarderRange8.2.0–8.2.12

splunkuniversal_forwarderRange9.0.0–9.0.6

splunkuniversal_forwarderMatch9.1.0

VendorProductVersionCPE
haxxcurl*cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
netappclustered_data_ontap-cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
netapphci_management_node-cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
netapponcommand_insight-cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
netapponcommand_workflow_automation-cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
netappsnapcenter-cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
netappsolidfire-cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
oraclemysql_server*cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
haxx	curl	*	cpe:2.3:a:haxx:curl::::::::
netapp	active_iq_unified_manager	-	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
netapp	active_iq_unified_manager	-	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
netapp	clustered_data_ontap	-	cpe:2.3:a:netapp:clustered_data_ontap:-:::::::*
netapp	hci_management_node	-	cpe:2.3:a:netapp:hci_management_node:-:::::::*
netapp	oncommand_insight	-	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
netapp	oncommand_workflow_automation	-	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
netapp	snapcenter	-	cpe:2.3:a:netapp:snapcenter:-:::::::*
netapp	solidfire	-	cpe:2.3:a:netapp:solidfire:-:::::::*
oracle	mysql_server	*	cpe:2.3:a:oracle:mysql_server::::::::