CVE-2021-22890

CWE-300CWE-29010 documents9 sources
Severity
3.7LOW
EPSS
0.1%
top 74.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Siemens Sinec Infrastructure Network ServicesSplunk Universal ForwarderHaxx Libcurl+5 more
Timeline
PublishedApr 1
Latest updateMay 24

Description

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumve

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages7 packages

CVEListV5https://github.com/curl/curl7.63.0 to and including 7.75.0
NVDhaxx/libcurl7.63.07.75.0
Debiancurl< 7.74.0-1.2+3
NVDsplunk/universal_forwarder8.2.08.2.12+2

Also affects: Debian Linux 9.0, Fedora 32, 33, 34

Patches

Patch: cert-portal.siemens.comPatch: curl.sePatch: hackerone.com

🔴Vulnerability Details

4
GHSA
GHSA-5cwr-528x-3vwc: curl 72022-05-24
CVEList
CVE-2021-22890: curl 72021-04-01
OSV
CVE-2021-22890: curl 72021-04-01
OSV
curl vulnerabilities2021-03-31

📋Vendor Advisories

4
Microsoft
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.32021-04-13
Ubuntu
curl vulnerabilities2021-03-31
Red Hat
curl: TLS 1.3 session ticket mix-up with HTTPS proxy host2021-03-31
Debian
CVE-2021-22890: curl - curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicio...2021

💬Community

1
HackerOne
CVE-2021-22890: TLS 1.3 session ticket proxy host mixup2021-04-30