CVE-2021-22926

CWE-840 CWE-295 — Improper Certificate Validation8 documents8 sources

Severity

7.5HIGH

EPSS

0.7%

top 28.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Haxx Curl Siemens Sinec Infrastructure Network Services Splunk Universal Forwarder +3 more

Timeline

PublishedAug 5

Latest updateMay 24

Description

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

▶NVDoracle/peoplesoft_enterprise_peopletools8.57, 8.58, 8.59+2

▶NVDhaxx/curl7.33.0 — 7.78.0

▶NVDsplunk/universal_forwarder8.2.0 — 8.2.12+2

▶NVDsiemens/sinec_infrastructure_network_services< 1.0.1.1

▶Alpinecurl< 7.67.0-r5

Patches

Patch: cert-portal.siemens.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-5xph-62q2-pxff: libcurl-using applications can ask for a specific client certificate to be used in a transfer↗2022-05-24

▶

CVEList

CVE-2021-22926: libcurl-using applications can ask for a specific client certificate to be used in a transfer↗2021-08-05

▶

OSV

CVE-2021-22926: libcurl-using applications can ask for a specific client certificate to be used in a transfer↗2021-08-05

▶

📋Vendor Advisories

Oracle

Oracle Oracle MySQL Risk Matrix: Server: Compiling (cURL) — CVE-2021-22926↗2021-10-15

▶

Microsoft

▶

Red Hat

curl: CURLOPT_SSLCERT mixup with Secure Transport↗2021-07-21

▶

💬Community

HackerOne

CVE-2021-22926: CURLOPT_SSLCERT mixup with Secure Transport↗2021-07-21

▶