libcurl lets applications specify which TLS ciphers to use in transfers, using the option called CURLOPT_SSL_CIPHER_LIST. The cipher selection is used for the TLS negotiation when a transfer is done involving any of the TLS-based transfer protocols libcurl supports, such as HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
Due to a mistake in the code, the selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers accidentally controls the set used by all transfers in that process. In a worst-case scenario, this weakens transport security significantly: one transfer that selects a weak cipher list silently downgrades every other transfer, including those that explicitly asked for strong ciphers.
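The following is an added illustration of the storage mistake described above, not curl's own code: a stripped-down cipher-list parser, one "connection setup" that keeps the parsed selection in a single static variable (the buggy pattern), and one that stores it per connection (the fix). The cipher names, the parse_ciphers() helper and the connection structs are all constructed for this example; in real libcurl the list would come from curl_easy_setopt(handle, CURLOPT_SSL_CIPHER_LIST, "...").

```c
#include <stdio.h>
#include <string.h>

#define MAX_CIPHERS 8
#define NAME_LEN 48

/* A parsed cipher selection, the kind of thing a TLS backend hands to its
 * library when a connection is negotiated. Hypothetical structure. */
struct cipher_set {
  size_t count;
  char names[MAX_CIPHERS][NAME_LEN];
};

/* Split a colon-separated list such as "A:B:C" into out->names. */
static void parse_ciphers(const char *list, struct cipher_set *out) {
  const char *p = list;
  out->count = 0;
  while (*p && out->count < MAX_CIPHERS) {
    const char *colon = strchr(p, ':');
    size_t len = colon ? (size_t)(colon - p) : strlen(p);
    if (len >= NAME_LEN)
      len = NAME_LEN - 1;            /* truncate over-long names */
    memcpy(out->names[out->count], p, len);
    out->names[out->count][len] = '\0';
    out->count++;
    if (!colon)
      break;
    p = colon + 1;
  }
}

/* Convenience wrapper so the parser can be checked on its own. */
int parsed_count(const char *list) {
  struct cipher_set s;
  parse_ciphers(list, &s);
  return (int)s.count;
}

/* --- Buggy pattern (simplified shape of the CVE-2021-22897 defect):
 * the parsed selection lives in ONE static variable, so every connection
 * in the process ends up pointing at the same storage. --- */
static struct cipher_set shared_ciphers;

struct buggy_conn { const struct cipher_set *ciphers; };

static void buggy_setup(struct buggy_conn *c, const char *list) {
  parse_ciphers(list, &shared_ciphers); /* overwrites everyone's selection */
  c->ciphers = &shared_ciphers;
}

/* --- Fixed pattern: each connection owns its own copy of the selection. --- */
struct fixed_conn { struct cipher_set ciphers; };

static void fixed_setup(struct fixed_conn *c, const char *list) {
  parse_ciphers(list, &c->ciphers);
}

/* Transfer A asks for a strong suite, transfer B (set up later, before A
 * negotiates) asks for a weak one. Returns 1 if A still negotiates with the
 * ciphers it asked for, 0 if B's choice leaked into A. Names are constructed. */
int buggy_keeps_own_ciphers(void) {
  struct buggy_conn a, b;
  buggy_setup(&a, "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305");
  buggy_setup(&b, "RC4-SHA");
  return strcmp(a.ciphers->names[0], "ECDHE-RSA-AES256-GCM-SHA384") == 0;
}

int fixed_keeps_own_ciphers(void) {
  struct fixed_conn a, b;
  fixed_setup(&a, "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305");
  fixed_setup(&b, "RC4-SHA");
  return strcmp(a.ciphers.names[0], "ECDHE-RSA-AES256-GCM-SHA384") == 0;
}

int main(void) {
  printf("static shared storage:  first transfer keeps its ciphers? %s\n",
         buggy_keeps_own_ciphers() ? "yes" : "no");
  printf("per-connection storage: first transfer keeps its ciphers? %s\n",
         fixed_keeps_own_ciphers() ? "yes" : "no");
  return 0;
}
```

The point to take from the buggy half is that nothing in transfer A's own configuration changed; the downgrade is invisible from A's side. When auditing a TLS backend, any `static` (or global) buffer that is written from a per-handle option is a candidate for this class of bug, and the check is the one above: configure two handles differently and confirm the first one still holds its own values after the second is set up.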
{
  "CWE": { "id": "CWE-488", "desc": "Exposure of Data Element to Wrong Session" },
  "award": { "amount": "800", "currency": "USD" },
  "URL": "https://curl.se/docs/CVE-2021-22897.json",
  "affects": "both",
  "package": "curl",
  "severity": "Low",
  "issue": "https://hackerone.com/reports/1172857",
  "www": "https://curl.se/docs/CVE-2021-22897.html",
  "last_affected": "7.76.1"
}