CVE-2021-22946

Published Sep 29, 2021

Last updated a month ago

CVSS high 7.5
Curl
Libcurl
FTP

Overview

Description
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations **without TLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.
Source
support@hackerone.com
NVD status
Modified
Products
curl, debian_linux, fedora, cloud_backup, clustered_data_ontap, oncommand_insight, oncommand_workflow_automation, snapcenter, h300s_firmware, h500s_firmware, h700s_firmware, h300e_firmware, h500e_firmware, h700e_firmware, h410s_firmware, solidfire_baseboard_management_controller_firmware, communications_cloud_native_core_binding_support_function, communications_cloud_native_core_network_function_cloud_native_environment, communications_cloud_native_core_network_repository_function, communications_cloud_native_core_network_slice_selection_function, communications_cloud_native_core_service_communication_proxy, mysql_server, peoplesoft_enterprise_peopletools, macos, sinec_infrastructure_network_services, commerce_guided_search, communications_cloud_native_core_console, communications_cloud_native_core_security_edge_protection_proxy, universal_forwarder

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

CVSS 2.0

Type
Primary
Base score
5
Impact score
2.9
Exploitability score
10
Vector string
AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

support@hackerone.com
CWE-325
nvd@nist.gov
CWE-319
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-319
