what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

CVE-2021-22947

Status Candidate

Overview

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.

Related Files

Gentoo Linux Security Advisory 202212-01
Posted Dec 19, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202212-1 - Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Versions less than 7.86.0 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-22922, CVE-2021-22923, CVE-2021-22925, CVE-2021-22926, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781
SHA-256 | e297fe6f1bca3eb09660ab5922cdfac1c9a3279734e9e89e74cc758a3e08ac46
Debian Security Advisory 5197-1
Posted Aug 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5197-1 - Multiple security vulnerabilities have been discovered in cURL, an URL transfer library. These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.

tags | advisory, remote, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2021-22898, CVE-2021-22924, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27781, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207
SHA-256 | 77ef9f5619851e18009af5092abdfe753f0a668e45b9771f079b64a5b7aa8eca
Red Hat Security Advisory 2022-1354-01
Posted Apr 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1354-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-22876, CVE-2021-22924, CVE-2021-22946, CVE-2021-22947
SHA-256 | ebde07dce286b9dea0985f0dc954ffea909c665c9cd6016197d8bcb497e1f4f9
Apple Security Advisory 2022-03-14-4
Posted Mar 15, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-03-14-4 - macOS Monterey 12.3 addresses buffer overflow, bypass, code execution, denial of service, null pointer, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2021-30918, CVE-2021-36976, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-4192, CVE-2021-4193, CVE-2021-46059, CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-22582, CVE-2022-22597, CVE-2022-22599, CVE-2022-22600, CVE-2022-22609, CVE-2022-22610, CVE-2022-22611, CVE-2022-22612, CVE-2022-22613, CVE-2022-22614, CVE-2022-22615, CVE-2022-22616
SHA-256 | b1fc63b333f7de2af86c93eb24f76f251c983c5e8e7dd47bf132df37097eff6a
Red Hat Security Advisory 2022-0635-01
Posted Feb 23, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0635-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-22946, CVE-2021-22947
SHA-256 | 0a6c062a860328bd9875093d92806fb960d67ecd0fe400873baa1276bb029a2d
Red Hat Security Advisory 2021-5191-02
Posted Dec 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5191-02 - Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended to use with Container Images, for Red Hat 3scale API Management 2.11.1. Issues addressed include an XML injection vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-26247, CVE-2020-36385, CVE-2021-0512, CVE-2021-22946, CVE-2021-22947, CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, CVE-2021-3656, CVE-2021-3733
SHA-256 | 222e9e194871a86f08f51b797c06b520b5e808c822dbc8abe7f4de9d3c85287c
Red Hat Security Advisory 2021-5038-04
Posted Dec 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5038-04 - Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console — with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security fixes, bug fixes and container upgrades. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-20673, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14145, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2020-36385, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-20271, CVE-2021-20317, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-22946, CVE-2021-22947
SHA-256 | 8c3861dc2826e4a0c7c98f1040e5e156c43227dbe0c19621db0bee3cb77b04e4
Red Hat Security Advisory 2021-4914-06
Posted Dec 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4914-06 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.8.3 images: RHEL-8-CNV-4.8.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-20673, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2020-25648, CVE-2020-36385, CVE-2021-0512, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-20317, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-22946, CVE-2021-22947
SHA-256 | fd59966d097a080a7ded93322ccdd6a60d15159920ee6f8c093487695abfb467
Red Hat Security Advisory 2021-4848-07
Posted Nov 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4848-07 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-20673, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14145, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-22946, CVE-2021-22947, CVE-2021-23840, CVE-2021-23841, CVE-2021-27218
SHA-256 | 19f369ca91efe5e627e3b6624c087f231da83297e68708c5e0fb2378ecc2b10e
Red Hat Security Advisory 2021-4766-01
Posted Nov 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4766-01 - Red Hat OpenShift Serverless release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8 and 4.9, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-22946, CVE-2021-22947, CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, CVE-2021-36221, CVE-2021-3733
SHA-256 | 0a78d0e1931087baa5332f57d804a1bee7c1d664fecea39758b98fa436ddda6c
Red Hat Security Advisory 2021-4628-01
Posted Nov 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4628-01 - Openshift Logging Bug Fix Release. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2020-36385, CVE-2021-0512, CVE-2021-22946, CVE-2021-22947, CVE-2021-23369, CVE-2021-23383, CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, CVE-2021-3656, CVE-2021-3733
SHA-256 | ac277430a1b1b05dba76cecef03900e9e3030dda5c7eafc2dd739d28f122ce68
Red Hat Security Advisory 2021-4618-01
Posted Nov 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4618-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include buffer overflow, denial of service, information leakage, integer overflow, out of bounds read, and path sanitization vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-36385, CVE-2021-0512, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22946, CVE-2021-22947, CVE-2021-23017, CVE-2021-32626, CVE-2021-32627, CVE-2021-32628, CVE-2021-32672, CVE-2021-32675, CVE-2021-32687, CVE-2021-32690, CVE-2021-32803, CVE-2021-32804, CVE-2021-33623, CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, CVE-2021-36222, CVE-2021-3656, CVE-2021-3711, CVE-2021-3712, CVE-2021-3733
SHA-256 | 14809d9261f291a519a153713fcca44c926124a2a48c8d989887911783dba47f
Red Hat Security Advisory 2021-4059-01
Posted Nov 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4059-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-22946, CVE-2021-22947
SHA-256 | 34daf9a24ea61b47c15ef48c2ee9383ee98eca2dd6a85e453275e6f5eab30c3a
Ubuntu Security Notice USN-5079-4
Posted Sep 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5079-4 - USN-5079-2 fixed vulnerabilities in curl. One of the fixes introduced a regression. This update fixes the problem. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-22946, CVE-2021-22947
SHA-256 | f4f6d97f9e479e48e18c50f65141b5cecaeca83955ce66cc82980e7fcf775b8e
Ubuntu Security Notice USN-5079-3
Posted Sep 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5079-3 - USN-5079-1 fixed vulnerabilities in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem. It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-22945, CVE-2021-22946, CVE-2021-22947
SHA-256 | 0ed5cbb6171e4f59bf66a7fec9639c782a0a1b53c8e5cbbf6e468d1dda90bf96
Ubuntu Security Notice USN-5079-2
Posted Sep 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5079-2 - USN-5079-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. Various other issues were also addressed.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-22946, CVE-2021-22947
SHA-256 | 60550d5e74772413dfb06a565ea32040a3d6110b2dd1c2e451288a6afe7cc288
Ubuntu Security Notice USN-5079-1
Posted Sep 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5079-1 - It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-22945, CVE-2021-22946, CVE-2021-22947
SHA-256 | 33a734d871c8bed97d25050dd5bf6ab7df0fb69274d554d1083bd6cb8dc39da0
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close