CVE-2021-22897

Source
https://cve.org/CVERecord?id=CVE-2021-22897
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22897.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-22897
Aliases
Downstream
Published
2021-06-11T16:15:10.963Z
Modified
2026-03-15T22:40:18.526638Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

curl 7.61.0 through 7.76.1 suffers from exposure of a data element to the wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.

References

Affected packages

Git / github.com/curl/curl

Affected ranges

Type
GIT
Repo
https://github.com/curl/curl
Events
Database specific
{
    "versions": [
        {
            "introduced": "7.61.0"
        },
        {
            "last_affected": "7.76.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/mysql/mysql-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.7.34"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.25"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.1.0"
        }
    ]
}

Affected versions

Other
curl-7_61_0
curl-7_61_1
curl-7_62_0
curl-7_63_0
curl-7_64_0
curl-7_64_1
curl-7_65_0
curl-7_65_1
curl-7_65_2
curl-7_65_3
curl-7_66_0
curl-7_67_0
curl-7_68_0
curl-7_69_0
curl-7_69_1
curl-7_70_0
curl-7_71_0
curl-7_71_1
curl-7_72_0
curl-7_73_0
curl-7_74_0
curl-7_75_0
curl-7_76_0
curl-7_76_1
mysql-5.*
mysql-5.5.52
mysql-5.5.53
mysql-5.5.54
mysql-5.5.55
mysql-5.5.56
mysql-5.5.57
mysql-5.5.58
mysql-5.5.59
mysql-5.5.60
mysql-5.5.61
mysql-5.5.62
mysql-5.5.63
mysql-5.6.33
mysql-5.6.34
mysql-5.6.35
mysql-5.6.36
mysql-5.6.37
mysql-5.6.38
mysql-5.6.39
mysql-5.6.40
mysql-5.6.41
mysql-5.6.42
mysql-5.6.43
mysql-5.6.45
mysql-5.6.46
mysql-5.6.47
mysql-5.6.48
mysql-5.6.49
mysql-5.6.50
mysql-5.6.51
mysql-5.7.15
mysql-5.7.16
mysql-5.7.17
mysql-5.7.18
mysql-5.7.19
mysql-5.7.20
mysql-5.7.21
mysql-5.7.22
mysql-5.7.24
mysql-5.7.25
mysql-5.7.26
mysql-5.7.27
mysql-5.7.28
mysql-5.7.29
mysql-5.7.30
mysql-5.7.31
mysql-5.7.32
mysql-5.7.33
mysql-5.7.34
mysql-8.*
mysql-8.0.0

Database specific

vanir_signatures
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "169306282263403152476778100550579197303",
                "297501274346842746936104394958035664195",
                "115226342142473284132899468397361420315",
                "234734752945961461342272917723384093426",
                "295386562829775930098639946838584527244",
                "219517661826067509758353138597803787494",
                "244949559378790381198359763585636363260",
                "332559676467627573058079295969579883439",
                "172944519042723511467055631002959388061",
                "49891809641561640485570718961026384269",
                "303945483550590176791034946765591014847",
                "160380589874126636249932610610053765267",
                "202261837233141056431919104544500820999"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2021-22897-462e72f1",
        "target": {
            "file": "lib/vtls/schannel.c"
        },
        "source": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "144288989636727895116566759813531481869",
                "310223903940348029157260322620209786472",
                "305687057856332765216788005169622682063",
                "325657448106323421990448296138158547936",
                "292286319081006362423274139499724779986",
                "39604824998280807468150180221600407666",
                "57176848086045237311152580885468675039"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2021-22897-66d13eee",
        "target": {
            "file": "lib/vtls/schannel.h"
        },
        "source": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511"
    },
    {
        "digest": {
            "length": 14322.0,
            "function_hash": "211186878913764398743821657885986770610"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2021-22897-8c49663e",
        "target": {
            "function": "schannel_connect_step1",
            "file": "lib/vtls/schannel.c"
        },
        "source": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511"
    },
    {
        "digest": {
            "length": 676.0,
            "function_hash": "36431407875438539121636832984401189544"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2021-22897-ff708dce",
        "target": {
            "function": "set_ssl_ciphers",
            "file": "lib/vtls/schannel.c"
        },
        "source": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511"
    }
]
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.11.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.15.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.15.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.15.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "11.1.2.4.047"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "21.0"
            },
            {
                "fixed": "21.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.0.1.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.2.0"
            },
            {
                "fixed": "8.2.12"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "9.0.0"
            },
            {
                "fixed": "9.0.6"
            }
        ]
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22897.json"