CURL-CVE-2021-22890

Source
https://curl.se/docs/CVE-2021-22890.html
Import Source
https://curl.se/docs/CURL-CVE-2021-22890.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2021-22890
Aliases
Published
2021-03-31T08:00:00Z
Modified
2024-06-07T13:53:51Z
Summary
TLS 1.3 session ticket proxy host mix-up
Details

Enabled by default, libcurl supports the use of TLS 1.3 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes.

When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy with tickets from the remote server, treat them as if they came from the remote server, and then wrongly "short-cut" the handshake with the host. The reason for this confusion is a change in sequence compared to TLS 1.2: there, session ids were provided only during the TLS handshake, while in TLS 1.3 session tickets arrive after the handshake has completed, and the code was not updated to take that changed behavior into account.

By exploiting this confusion, an HTTPS proxy can trick libcurl into resuming the session to the host with the wrong session ticket, thereby circumventing the server TLS certificate check and making an unnoticed MITM attack possible.

This flaw can allow a malicious HTTPS proxy to MITM the traffic. Such a malicious HTTPS proxy needs to provide a certificate that curl accepts for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.

Database specific
{
    "last_affected": "7.75.0",
    "URL": "https://curl.se/docs/CVE-2021-22890.json",
    "www": "https://curl.se/docs/CVE-2021-22890.html",
    "affects": "both",
    "issue": "https://hackerone.com/reports/1129529",
    "CWE": {
        "id": "CWE-290",
        "desc": "Authentication Bypass by Spoofing"
    },
    "severity": "Low",
    "package": "curl"
}
References
Credits
    • Mingtao Yang (Facebook) - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.63.0
Fixed
7.76.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

7.*

7.63.0
7.64.0
7.64.1
7.65.0
7.65.1
7.65.2
7.65.3
7.66.0
7.67.0
7.68.0
7.69.0
7.69.1
7.70.0
7.71.0
7.71.1
7.72.0
7.73.0
7.74.0
7.75.0

Database specific

vanir_signatures
