TROYANOSYVIRUS
Voltar para CVEs

CVE-2021-22901

HIGH
8.1

Descricao

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.

Detalhes CVE

Pontuacao CVSS v3.18.1
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado6/11/2021
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0

Produtos afetados

haxx:curlnetapp:active_iq_unified_managernetapp:cloud_backupnetapp:h300enetapp:h300e_firmwarenetapp:h300snetapp:h300s_firmwarenetapp:h410snetapp:h410s_firmwarenetapp:h500enetapp:h500e_firmwarenetapp:h500snetapp:h500s_firmwarenetapp:h700enetapp:h700e_firmwarenetapp:h700snetapp:h700s_firmwarenetapp:hci_compute_nodenetapp:hci_compute_node_firmwarenetapp:oncommand_insightnetapp:oncommand_workflow_automationnetapp:snapcenternetapp:solidfire\,_enterprise_sds_\&_hci_storage_nodenetapp:solidfire_\&_hci_management_nodenetapp:solidfire_baseboard_management_controller_firmwareoracle:communications_cloud_native_core_binding_support_functionoracle:communications_cloud_native_core_network_function_cloud_native_environmentoracle:communications_cloud_native_core_network_repository_functionoracle:communications_cloud_native_core_network_slice_selection_functionoracle:communications_cloud_native_core_service_communication_proxyoracle:essbaseoracle:mysql_serversiemens:sinec_infrastructure_network_servicessplunk:universal_forwarder

Fraquezas (CWE)

CWE-416CWE-416

Referencias

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf(support@hackerone.com)
https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf(support@hackerone.com)
https://curl.se/docs/CVE-2021-22901.html(support@hackerone.com)
https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479(support@hackerone.com)
https://hackerone.com/reports/1180380(support@hackerone.com)
https://security.netapp.com/advisory/ntap-20210723-0001/(support@hackerone.com)
https://security.netapp.com/advisory/ntap-20210727-0007/(support@hackerone.com)
https://www.oracle.com//security-alerts/cpujul2021.html(support@hackerone.com)
https://www.oracle.com/security-alerts/cpuapr2022.html(support@hackerone.com)
https://www.oracle.com/security-alerts/cpujan2022.html(support@hackerone.com)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://curl.se/docs/CVE-2021-22901.html(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1180380(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210723-0001/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210727-0007/(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com//security-alerts/cpujul2021.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2022.html(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.