Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2021-22897
HistoryJun 11, 2021 - 4:15 p.m.

CVE-2021-22897

2021-06-1116:15:10
Google
osv.dev
12
curl
schannel tls library
data exposure

AI Score

6.6

Confidence

Low

EPSS

0.004

Percentile

74.0%

JSON

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single “static” variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.

Related

cbl_mariner 2
hackerone 1
prion 1
nvd 1
photon 8
debiancve 1
ubuntucve 1
redhatcve 1
nessus 17
veracode 1
ibm 6
alpinelinux 1
cve 1
cvelist 1
openvas 8
rosalinux 1
ics 2
oracle 3
cbl_mariner
cbl_mariner
CVE-2021-22897 affecting package curl for versions less than 7.76.0-5
2022-04-09 06:51:45
CVE-2021-22897 affecting package curl 7.76.0-9
2021-07-08 21:56:35
hackerone
hackerone
curl: CVE-2021-22897: schannel cipher selection surprise
2021-04-22 22:39:18
prion
prion
Code injection
2021-06-11 16:15:00
nvd
nvd
CVE-2021-22897
2021-06-11 16:15:10
photon
photon
Moderate Photon OS Security Update - PHSA-2021-0054
2021-06-28 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0412
2021-07-07 00:00:00
Moderate Photon OS Security Update - PHSA-2021-0262
2021-06-28 00:00:00
debiancve
debiancve
CVE-2021-22897
2021-06-11 16:15:10
ubuntucve
ubuntucve
CVE-2021-22897
2021-06-11 00:00:00
redhatcve
redhatcve
CVE-2021-22897
2021-05-26 10:12:52
nessus
nessus
CBL Mariner 2.0 Security Update: curl (CVE-2021-22897)
2023-03-20 00:00:00
Photon OS 4.0: Curl PHSA-2021-4.0-0054
2024-07-23 00:00:00
Photon OS 2.0: Curl PHSA-2021-2.0-0366
2021-07-07 00:00:00
veracode
veracode
Insecure TLS Configuration
2021-06-14 07:53:55
ibm
ibm
Security Bulletin: curl vulnerability impacting Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 4.1.1 and earlier (CVE-2021-22897)
2021-08-03 19:16:54
Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC
2021-11-01 20:13:42
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues
2024-05-07 17:05:31
alpinelinux
alpinelinux
CVE-2021-22897
2021-06-11 16:15:10
cve
cve
CVE-2021-22897
2021-06-11 16:15:10
cvelist
cvelist
CVE-2021-22897
2021-06-11 15:49:38
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2176)
2021-07-13 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2265)
2021-08-09 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2206)
2021-07-13 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2411
2024-05-02 09:04:51
ics
ics
Siemens SINEC INS
2022-03-10 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00

AI Score

6.6

Confidence

Low

EPSS

0.004

Percentile

74.0%

JSON
Related for OSV:CVE-2021-22897
cbl_mariner2hackerone1prion1nvd1photon8debiancve1ubuntucve1redhatcve1nessus17veracode1ibm6alpinelinux1cve1cvelist1openvas8rosalinux1ics2oracle3