curl is vulnerable to Man in the middle attack. The vulnerability exists due to a lack of clearing of previous cached responses, treating them as valid and authenticated.

CPENameOperatorVersion
curl:3.14eq7.77.0-r0
curl:3.14eq7.77.0-r1
curl:3.14eq7.78.0-r0
curl:3.13eq7.77.0-r0
curl:3.13eq7.78.0-r0
curl:3.13eq7.76.1-r0
curl:3.13eq7.74.0-r1
curl:3.13eq7.77.0-r1
curl:3.11eq7.67.0-r4
curl:3.11eq7.67.0-r5

Name	Operator	Version
curl:3.14	eq	7.77.0-r0
curl:3.14	eq	7.77.0-r1
curl:3.14	eq	7.78.0-r0
curl:3.13	eq	7.77.0-r0
curl:3.13	eq	7.78.0-r0
curl:3.13	eq	7.76.1-r0
curl:3.13	eq	7.74.0-r1
curl:3.13	eq	7.77.0-r1
curl:3.11	eq	7.67.0-r4
curl:3.11	eq	7.67.0-r5

Rows per page:

1-10 of 1021

References

seclists.org/fulldisclosure/2022/Mar/29

cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

hackerone.com/reports/1334763

lists.debian.org/debian-lts-announce/2021/09/msg00022.html

lists.debian.org/debian-lts-announce/2022/08/msg00017.html

lists.fedoraproject.org/archives/list/[email protected]/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/

lists.fedoraproject.org/archives/list/[email protected]/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/

secdb.alpinelinux.org/edge/main.yaml

secdb.alpinelinux.org/v3.11/main.yaml

secdb.alpinelinux.org/v3.12/main.yaml

secdb.alpinelinux.org/v3.13/main.yaml

secdb.alpinelinux.org/v3.14/main.yaml

security.netapp.com/advisory/ntap-20211029-0003/

support.apple.com/kb/HT213183

www.debian.org/security/2022/dsa-5197

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpujul2022.html

www.oracle.com/security-alerts/cpuoct2021.html

ubuntucve 1

redhatcve 1

cbl_mariner 2

mscve 1

ibm 12

alpinelinux 1

prion 1

nvd 1

cve 1

hackerone 1

osv 9

cvelist 1

debiancve 1

suse 2

nessus 48

rocky 1

openvas 37

ubuntu 4

almalinux 1

redhat 13

debian 3

amazon 2

oraclelinux 1

photon 9

mageia 1

cloudfoundry 1

freebsd 1

fedora 3

slackware 1

krebs 1

malwarebytes 1

thn 1

hivepro 1

threatpost 1

gentoo 1

ics 2

apple 1

mskb 5

kaspersky 1

rapid7blog 1

oracle 5

ubuntucve

CVE-2021-22947

2021-09-15 00:00:00

redhatcve

CVE-2021-22947

2021-09-15 07:22:02

cbl_mariner

CVE-2021-22947 affecting package curl 7.76.0-9

2021-10-05 03:00:51

CVE-2021-22947 affecting package curl for versions less than 7.82.0-1

2022-04-09 06:51:45

mscve

Open Source Curl Remote Code Execution Vulnerability

2022-01-11 08:00:00

ibm

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22947)

2022-04-22 20:00:33

Security Bulletin: IBM MQ is vulnerable to multiple issues with libcurl (CVE-2021-22946, CVE-2021-22947)

2021-12-17 13:33:37

Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-27782, CVE-2022-27774, CVE-2021-22947, CVE-2022-22576, CVE-2022-27776, CVE-2021-22946)

2022-09-17 02:05:46

alpinelinux

CVE-2021-22947

2021-09-29 20:15:08

prion

Code injection

2021-09-29 20:15:00

nvd

CVE-2021-22947

2021-09-29 20:15:08

cve

CVE-2021-22947

2021-09-29 20:15:08

hackerone

curl: CVE-2021-22947: STARTTLS protocol injection via MITM

2021-09-09 14:00:44

osv

CVE-2021-22947

2021-09-29 20:15:08

Moderate: curl security update

2021-11-02 07:49:01

curl vulnerabilities

2021-09-15 12:34:55

cvelist

CVE-2021-22947

2021-09-29 00:00:00

debiancve

CVE-2021-22947

2021-09-29 20:15:08

suse

Security update for curl (moderate)

2021-10-06 00:00:00

Security update for curl (moderate)

2021-10-18 00:00:00

nessus

EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2022-1041)

2022-02-11 00:00:00

SUSE SLES15 Security Update : curl (SUSE-SU-2021:3297-1)

2021-10-07 00:00:00

Oracle Linux 8 : curl (ELSA-2021-4059)

2021-11-02 00:00:00

rocky

curl security update

2021-11-02 07:49:01

openvas

SUSE: Security Advisory (SUSE-SU-2021:14807-1)

2021-09-24 00:00:00

openSUSE: Security Advisory for curl (openSUSE-SU-2021:1384-1)

2021-10-19 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1003)

2022-01-28 00:00:00

ubuntu

curl regression

2021-09-21 00:00:00

curl vulnerabilities

2021-09-15 00:00:00

curl vulnerabilities

2021-09-15 00:00:00

almalinux

Moderate: curl security update

2021-11-02 07:49:01

redhat

(RHSA-2022:0635) Moderate: curl security update

2022-02-22 14:34:54

(RHSA-2021:4059) Moderate: curl security update

2021-11-02 07:49:01

(RHSA-2022:1354) Moderate: rh-dotnet31-curl security update

2022-04-13 13:42:42

debian

[SECURITY] [DLA 2773-1] curl security update

2021-09-30 21:58:49

[SECURITY] [DLA 3085-1] curl security update

2022-08-28 23:00:51

[SECURITY] [DSA 5197-1] curl security update

2022-08-01 16:58:44

amazon

Medium: curl

2021-11-10 22:13:00

Medium: curl

2021-12-08 02:22:00

oraclelinux

curl security update

2021-11-02 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0392

2021-09-17 00:00:00

Moderate Photon OS Security Update - PHSA-2021-0102

2021-09-17 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0434

2021-09-17 00:00:00

mageia

Updated curl packages fix security vulnerability

2021-09-23 07:49:29

cloudfoundry

USN-5079-1: curl vulnerabilities | Cloud Foundry

2021-10-28 00:00:00

freebsd

cURL -- Multiple vulnerabilities

2021-09-15 00:00:00

fedora

[SECURITY] Fedora 35 Update: curl-7.79.1-1.fc35

2021-11-03 01:12:29

[SECURITY] Fedora 34 Update: curl-7.76.1-12.fc34

2021-09-21 15:33:29

[SECURITY] Fedora 33 Update: curl-7.71.1-11.fc33

2021-10-02 01:10:15

slackware

[slackware-security] curl

2021-09-16 03:11:12

krebs

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

2022-01-11 22:18:55

malwarebytes

[updated] You can update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one

2022-01-12 17:02:25

thn

First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability

2022-01-12 06:42:00

hivepro

Microsoft Patch Tuesday fixes critical zero-days along with 97 other flaws

2022-01-12 07:30:07

threatpost

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

2022-01-11 21:54:57

gentoo

curl: Multiple Vulnerabilities

2022-12-19 00:00:00

ics

Siemens SINEC INS

2022-03-10 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

apple

About the security content of macOS Monterey 12.3

2022-03-14 00:00:00

mskb

January 11, 2022—KB5009566 (OS Build 22000.434)

2022-01-11 08:00:00

January 11, 2022—KB5009545 (OS Build 18363.2037)

2022-01-11 08:00:00

January 11, 2022—KB5009543 (OS Builds 19042.1466, 19043.1466, and 19044.1466)

2022-01-11 08:00:00

kaspersky

KLA12422 Multiple vulnerabilities in Microsoft Windows

2022-01-11 00:00:00

rapid7blog

Patch Tuesday - January 2022

2022-01-11 21:41:56

oracle

Oracle Critical Patch Update Advisory - October 2022

2022-10-18 00:00:00

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - October 2021

2021-10-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.001 Low

EPSS

Percentile

41.8%

JSON

Related for VERACODE:32153