CVE-2021-22901
- Source
- https://cve.org/CVERecord?id=CVE-2021-22901
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22901.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-22901
- Aliases
- Downstream
- Related
- Published
- 2021-06-11T16:15:11.120Z
- Modified
- 2026-03-15T22:40:14.986385Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.
- References
-
- https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210727-0007/
- https://hackerone.com/reports/1180380
- https://curl.se/docs/CVE-2021-22901.html
- https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Affected packages
Git / github.com/curl/curl
Affected ranges
- Type
- GIT
- Repo
- https://github.com/curl/curl
- Events
-
IntroducedLast affectedFixed
- Database specific
{ "versions": [ { "introduced": "7.75.0" }, { "last_affected": "7.76.1" } ] }
- Type
- GIT
- Repo
- https://github.com/mysql/mysql-server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "5.7.34" }, { "introduced": "8.0.0" }, { "last_affected": "8.0.25" }, { "introduced": "0" }, { "last_affected": "9.1.0" } ] }
Affected versions
Other
curl-7_75_0
curl-7_76_0
curl-7_76_1
mysql-5.*
mysql-5.5.52
mysql-5.5.53
mysql-5.5.54
mysql-5.5.55
mysql-5.5.56
mysql-5.5.57
mysql-5.5.58
mysql-5.5.59
mysql-5.5.60
mysql-5.5.61
mysql-5.5.62
mysql-5.5.63
mysql-5.6.33
mysql-5.6.34
mysql-5.6.35
mysql-5.6.36
mysql-5.6.37
mysql-5.6.38
mysql-5.6.39
mysql-5.6.40
mysql-5.6.41
mysql-5.6.42
mysql-5.6.43
mysql-5.6.45
mysql-5.6.46
mysql-5.6.47
mysql-5.6.48
mysql-5.6.49
mysql-5.6.50
mysql-5.6.51
mysql-5.7.15
mysql-5.7.16
mysql-5.7.17
mysql-5.7.18
mysql-5.7.19
mysql-5.7.20
mysql-5.7.21
mysql-5.7.22
mysql-5.7.24
mysql-5.7.25
mysql-5.7.26
mysql-5.7.27
mysql-5.7.28
mysql-5.7.29
mysql-5.7.30
mysql-5.7.31
mysql-5.7.32
mysql-5.7.33
mysql-5.7.34
mysql-8.*
mysql-8.0.0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22901.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.11.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.15.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "11.1.2.4.047"
}
]
},
{
"events": [
{
"introduced": "21.0"
},
{
"fixed": "21.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1.1"
}
]
},
{
"events": [
{
"introduced": "8.2.0"
},
{
"fixed": "8.2.12"
}
]
},
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.6"
}
]
}
]
vanir_signatures
[
{
"signature_type": "Line",
"id": "CVE-2021-22901-112b40cc",
"source": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"signature_version": "v1",
"target": {
"file": "lib/vtls/gskit.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"186219220524685466747730293319960369262",
"221885776772179948375588984335771599016",
"242092821167957799341998848306994961622"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2021-22901-16afe490",
"source": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"signature_version": "v1",
"target": {
"file": "lib/vtls/wolfssl.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"105711553773464346414647333756716138062",
"2904185772424648690614208022438633360",
"28943486962530006695741710418216306715"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2021-22901-1a7f75ad",
"source": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"signature_version": "v1",
"target": {
"file": "lib/multi.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"187473753366580240819143889369803023555",
"19947501796357691300854331411987220613",
"95654700292215788056874075044093236670",
"54945258926373500052511413367380796929",
"50910872226802818269537850369166031572",
"58240838674613881414058697592076492097",
"327008296953905714942243329393832476807",
"167690107269592290756581100018194607341",
"163502143684354781220170101016683290242"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2021-22901-1dc33ea9",
"source": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"signature_version": "v1",
"target": {
"function": "Curl_detach_connnection",
"file": "lib/multi.c"
},
"deprecated": false,
"digest": {
"function_hash": "282527232010509207256326083520762769034",
"length": 159.0
}
},
{
"signature_type": "Line",
"id": "CVE-2021-22901-29a281cb",
"source": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"signature_version": "v1",
"target": {
"file": "lib/vtls/mesalink.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"186219220524685466747730293319960369262",
"221885776772179948375588984335771599016",
"118420185482035953781785408918051443343"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2021-22901-5ed26d1d",
"source": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"signature_version": "v1",
"target": {
"file": "lib/vtls/openssl.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"73271168870267222109289255326453829008",
"73827907696276383707622611301589291798",
"211530242407209078484329373388314723108",
"188779164379214942689248499697233465740",
"85386975455582097309536242192917050731",
"245081344340155641301320834143844850881",
"62153286337341876067281988598850343391",
"121669162297169078699046718566740458729",
"215298610020151475422509359025881665450",
"160496096879707273982560064615393928037",
"262253162330575483615990927020006884742",
"207030032140940270196392569482197400507",
"52196972406707744499516007337590729723",
"310848303797566296324889670751101086331",
"222593396967390567450172725704753887575",
"235691541654497677847954641653469180817",
"58633988980821724765059247018395199889",
"25447831337023957638041419169130371823",
"147075429205132582405216565002123595763",
"159239750700783782352173299703698057266",
"3437427716754797935132463652839023737",
"127087658280103561645782008847134409151",
"75199286429243154010508244248962936561",
"244921248497977065595362047332805878839",
"335526394393619798921303958949091926921",
"142148865309299820369778016046747186849",
"36343027810611685258758416187132301997",
"145703898883617860025281749174947940817",
"49821058802725643425531673427781409057",
"49678742140860501719462917258286975569",
"63202482301952805327802201198622534649",
"293181921711569263243064672048373818969",
"133900923489114446296021898851185466508",
"36777361632708934694797056998674843243",
"11177419630060475881010668020085817087",
"303422892470415582204293820830754579527",
"286083972253237306490318597426997081139",
"261079382685828178432555473902036016734",
"279260391187534534676049212163993726371",
"329627646565725648632430807782727645922",
"79194766196837938283253745097174225478",
"5571743488213546801408132267818404860",
"130049941606887403578626904489921224945",
"178097734931733945871273233063040427391",
"216425396822114078519857436547106591880",
"285542075915533030311331310894582100597",
"181108455092571060169513480302647763308",
"201208934546635710539200215230233609237",
"13409051224758349761312328379615738889",
"299473193568500530537773344539589740788",
"152017765307026313653490870096797999253"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2021-22901-b01c82f2",
"source": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"signature_version": "v1",
"target": {
"file": "lib/vtls/gtls.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"117254624900286043914446684036232897839",
"278148543623425240728153472164075251212",
"313428367765666149420051287200382297935"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2021-22901-b75e8d96",
"source": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"signature_version": "v1",
"target": {
"file": "lib/vtls/mbedtls.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"155031123524163536542363547886908076616",
"241564592740147399037087761500264710056",
"224236323127553732321566263121395653926"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2021-22901-b76d75f7",
"source": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"signature_version": "v1",
"target": {
"file": "lib/vtls/vtls.h"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"17479791198913112085959967000244748158",
"122978703432319367585527440563987283441",
"108255278866082812394702543602527323182",
"63147417521427190620024285144529305281",
"281873735472492112698195639167232268211",
"274123850254446799268534801426234867900",
"83722995015177457113170279222513998005"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2021-22901-bee48009",
"source": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"signature_version": "v1",
"target": {
"file": "lib/vtls/sectransp.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"93612680191468065498685381231912631392",
"172816224077672263565079124615633457341",
"316884559720800204945935234868905210031",
"293326983079720454113692492174647385498"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2021-22901-c3256b70",
"source": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"signature_version": "v1",
"target": {
"file": "lib/vtls/vtls.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"220881515393441035084801830498670033932",
"174542894043304738129105816634116784620",
"783098884639603181500321915206659113",
"186219220524685466747730293319960369262",
"221885776772179948375588984335771599016",
"72703555703531540869677605507512220101",
"227890448358690435620343229236177822739"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2021-22901-c729b6cb",
"source": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"signature_version": "v1",
"target": {
"file": "lib/vtls/nss.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"89438604099976147155922991379116780231",
"152200389674360309942177538872971541530",
"36458605533992043066698451277391902613"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2021-22901-deb6cd76",
"source": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"signature_version": "v1",
"target": {
"function": "ossl_connect_step1",
"file": "lib/vtls/openssl.c"
},
"deprecated": false,
"digest": {
"function_hash": "308421803234990224094444390237334411602",
"length": 14664.0
}
},
{
"signature_type": "Line",
"id": "CVE-2021-22901-e0ea5594",
"source": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"signature_version": "v1",
"target": {
"file": "lib/vtls/schannel.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"222480428048420087676105947998287034698",
"1791862209004315891931085883200233347",
"335032092301468568357198521291765970795",
"163498262204948760416787486037998488372",
"86790545262539225571869431646476558833",
"102446219944222485332424481391822647475",
"301150589919494327216392615030845277105"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2021-22901-e28697f3",
"source": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"signature_version": "v1",
"target": {
"file": "lib/vtls/rustls.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"186219220524685466747730293319960369262",
"221885776772179948375588984335771599016",
"331942912995982428602909187462272364537"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2021-22901-f263bc98",
"source": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"signature_version": "v1",
"target": {
"function": "Curl_attach_connnection",
"file": "lib/multi.c"
},
"deprecated": false,
"digest": {
"function_hash": "276203671696876119948010549383366377839",
"length": 299.0
}
}
]