Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS.
When receiving certain responses from servers, curl would continue without
TLS even when the option to require a successful upgrade to TLS was
specified. (CVE-2021-22946)

Patrick Monnerat discovered that curl incorrectly handled responses
received before STARTTLS. A remote attacker could possibly use this issue
to inject responses and intercept communications. (CVE-2021-22947)

References

launchpad.net/bugs/1944120

ubuntu.com/security/notices/USN-5079-4

suse 2

nessus 51

rocky 1

ibm 14

osv 9

openvas 38

ubuntu 4

almalinux 1

redhat 13

debian 3

amazon 2

oraclelinux 1

photon 9

mageia 1

cloudfoundry 1

freebsd 2

fedora 3

slackware 1

prion 2

hackerone 2

nvd 2

cvelist 2

redhatcve 2

cve 2

ubuntucve 2

cbl_mariner 4

debiancve 2

veracode 2

mscve 1

alpinelinux 2

krebs 1

malwarebytes 1

gentoo 1

thn 1

hivepro 1

threatpost 1

ics 2

apple 1

mskb 5

kaspersky 1

rapid7blog 1

oracle 2

suse

Security update for curl (moderate)

2021-10-06 00:00:00

Security update for curl (moderate)

2021-10-18 00:00:00

nessus

EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2022-1041)

2022-02-11 00:00:00

SUSE SLES15 Security Update : curl (SUSE-SU-2021:3297-1)

2021-10-07 00:00:00

Oracle Linux 8 : curl (ELSA-2021-4059)

2021-11-02 00:00:00

rocky

curl security update

2021-11-02 07:49:01

ibm

Security Bulletin: IBM MQ is vulnerable to multiple issues with libcurl (CVE-2021-22946, CVE-2021-22947)

2021-12-17 13:33:37

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22946)

2022-04-22 20:04:20

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22947)

2022-04-22 20:00:33

osv

Moderate: curl security update

2021-11-02 07:49:01

curl vulnerabilities

2021-09-15 12:34:55

curl - security update

2021-09-30 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2021:14807-1)

2021-09-24 00:00:00

openSUSE: Security Advisory for curl (openSUSE-SU-2021:1384-1)

2021-10-19 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1003)

2022-01-28 00:00:00

ubuntu

curl regression

2021-09-21 00:00:00

curl vulnerabilities

2021-09-15 00:00:00

curl vulnerabilities

2021-09-15 00:00:00

almalinux

Moderate: curl security update

2021-11-02 07:49:01

redhat

(RHSA-2022:0635) Moderate: curl security update

2022-02-22 14:34:54

(RHSA-2021:4059) Moderate: curl security update

2021-11-02 07:49:01

(RHSA-2022:1354) Moderate: rh-dotnet31-curl security update

2022-04-13 13:42:42

debian

[SECURITY] [DLA 2773-1] curl security update

2021-09-30 21:58:49

[SECURITY] [DLA 3085-1] curl security update

2022-08-28 23:00:51

[SECURITY] [DSA 5197-1] curl security update

2022-08-01 16:58:44

amazon

Medium: curl

2021-11-10 22:13:00

Medium: curl

2021-12-08 02:22:00

oraclelinux

curl security update

2021-11-02 00:00:00

photon

Moderate Photon OS Security Update - PHSA-2021-0102

2021-09-17 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0392

2021-09-17 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0434

2021-09-17 00:00:00

mageia

Updated curl packages fix security vulnerability

2021-09-23 07:49:29

cloudfoundry

USN-5079-1: curl vulnerabilities | Cloud Foundry

2021-10-28 00:00:00

freebsd

cURL -- Multiple vulnerabilities

2021-09-15 00:00:00

MySQL -- Multiple vulnerabilities

2022-01-18 00:00:00

fedora

[SECURITY] Fedora 35 Update: curl-7.79.1-1.fc35

2021-11-03 01:12:29

[SECURITY] Fedora 34 Update: curl-7.76.1-12.fc34

2021-09-21 15:33:29

[SECURITY] Fedora 33 Update: curl-7.71.1-11.fc33

2021-10-02 01:10:15

slackware

[slackware-security] curl

2021-09-16 03:11:12

prion

Design/Logic Flaw

2021-09-29 20:15:00

Code injection

2021-09-29 20:15:00

hackerone

curl: CVE-2021-22946: Protocol downgrade required TLS bypassed

2021-09-09 00:34:37

curl: CVE-2021-22947: STARTTLS protocol injection via MITM

2021-09-09 14:00:44

nvd

CVE-2021-22946

2021-09-29 20:15:08

CVE-2021-22947

2021-09-29 20:15:08

cvelist

CVE-2021-22946

2021-09-29 00:00:00

CVE-2021-22947

2021-09-29 00:00:00

redhatcve

CVE-2021-22946

2021-09-15 06:52:15

CVE-2021-22947

2021-09-15 07:22:02

cve

CVE-2021-22946

2021-09-29 20:15:08

CVE-2021-22947

2021-09-29 20:15:08

ubuntucve

CVE-2021-22947

2021-09-15 00:00:00

CVE-2021-22946

2021-09-15 00:00:00

cbl_mariner

CVE-2021-22947 affecting package curl 7.76.0-9

2021-10-05 03:00:51

CVE-2021-22946 affecting package curl 7.76.0-9

2021-10-05 03:00:51

CVE-2021-22946 affecting package curl for versions less than 7.82.0-1

2022-04-09 06:51:45

debiancve

CVE-2021-22946

2021-09-29 20:15:08

CVE-2021-22947

2021-09-29 20:15:08

veracode

Denial Of Service (DoS)

2021-09-17 21:34:33

Man-In-The-Middle Attack (MitM)

2021-09-17 21:34:37

mscve

Open Source Curl Remote Code Execution Vulnerability

2022-01-11 08:00:00

alpinelinux

CVE-2021-22947

2021-09-29 20:15:08

CVE-2021-22946

2021-09-29 20:15:08

krebs

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

2022-01-11 22:18:55

malwarebytes

[updated] You can update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one

2022-01-12 17:02:25

gentoo

curl: Multiple Vulnerabilities

2022-12-19 00:00:00

thn

First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability

2022-01-12 06:42:00

hivepro

Microsoft Patch Tuesday fixes critical zero-days along with 97 other flaws

2022-01-12 07:30:07

threatpost

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

2022-01-11 21:54:57

ics

Siemens RUGGEDCOM ROX

2023-07-13 12:00:00

Siemens SINEC INS

2022-03-10 12:00:00

apple

About the security content of macOS Monterey 12.3

2022-03-14 00:00:00

mskb

January 11, 2022—KB5009566 (OS Build 22000.434)

2022-01-11 08:00:00

January 11, 2022—KB5009545 (OS Build 18363.2037)

2022-01-11 08:00:00

January 11, 2022—KB5009543 (OS Builds 19042.1466, 19043.1466, and 19044.1466)

2022-01-11 08:00:00

kaspersky

KLA12422 Multiple vulnerabilities in Microsoft Windows

2022-01-11 00:00:00

rapid7blog

Patch Tuesday - January 2022

2022-01-11 21:41:56

oracle

Oracle Critical Patch Update Advisory - October 2022

2022-10-18 00:00:00

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.9%

JSON

Related for OSV:USN-5079-4