{"id":"CURL-CVE-2021-22897","summary":"Schannel cipher selection surprise","details":"libcurl lets applications specify which specific TLS ciphers to use in\ntransfers, using the option called `CURLOPT_SSL_CIPHER_LIST`. The cipher\nselection is used for the TLS negotiation when a transfer is done involving\nany of the TLS based transfer protocols libcurl supports, such as HTTPS, FTPS,\nIMAPS, POP3S, SMTPS etc.\n\nDue to a mistake in the code, the selected cipher set was stored in a single\n\"static\" variable in the library, which has the surprising side-effect that if\nan application sets up multiple concurrent transfers, the last one that sets\nthe ciphers accidentally controls the set used by all transfers. In a\nworst-case scenario, this weakens transport security significantly.","aliases":["CVE-2021-22897"],"modified":"2026-04-25T20:38:39.782351Z","published":"2021-05-26T08:00:00Z","database_specific":{"issue":"https://hackerone.com/reports/1172857","package":"curl","last_affected":"7.76.1","CWE":{"id":"CWE-488","desc":"Exposure of Data Element to Wrong 
Session"},"award":{"currency":"USD","amount":"800"},"www":"https://curl.se/docs/CVE-2021-22897.html","URL":"https://curl.se/docs/CVE-2021-22897.json","severity":"Low","affects":"both"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.61.0"},{"fixed":"7.77.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"9aefbff30d280c60fc9d8cc3e0b2f19fc70a2f28"},{"fixed":"bbb71507b7bab52002f9b1e0880bed6a32834511"}]}],"versions":["7.76.1","7.76.0","7.75.0","7.74.0","7.73.0","7.72.0","7.71.1","7.71.0","7.70.0","7.69.1","7.69.0","7.68.0","7.67.0","7.66.0","7.65.3","7.65.2","7.65.1","7.65.0","7.64.1","7.64.0","7.63.0","7.62.0","7.61.1","7.61.0"],"database_specific":{"vanir_signatures_modified":"2026-04-25T20:38:39Z","source":"https://curl.se/docs/CURL-CVE-2021-22897.json","vanir_signatures":[{"signature_version":"v1","id":"CURL-CVE-2021-22897-369c7e73","deprecated":false,"target":{"file":"lib/vtls/schannel.c"},"source":"https://github.com/curl/curl.git/commit/bbb71507b7bab52002f9b1e0880bed6a32834511","digest":{"threshold":0.9},"signature_type":"Line"},{"signature_version":"v1","id":"CURL-CVE-2021-22897-731f3de3","deprecated":false,"target":{"file":"lib/vtls/schannel.h"},"source":"https://github.com/curl/curl.git/commit/bbb71507b7bab52002f9b1e0880bed6a32834511","digest":{"threshold":0.9},"signature_type":"Line"},{"signature_version":"v1","id":"CURL-CVE-2021-22897-a0ff66c6","deprecated":false,"target":{"file":"lib/vtls/schannel.c","function":"schannel_connect_step1"},"source":"https://github.com/curl/curl.git/commit/bbb71507b7bab52002f9b1e0880bed6a32834511","digest":{"length":14322,"function_hash":"211186878913764398743821657885986770610"},"signature_type":"Function"},{"signature_version":"v1","id":"CURL-CVE-2021-22897-f33500b8","deprecated":false,"target":{"file":"lib/vtls/schannel.c","function":"set_ssl_ciphers"},"source":"https://github.com/curl/curl.git/commit/bbb71507b7bab52002f9b1e0880bed6a32834511","digest":{"length":676,"function_hash":"36431407875438539121636832984401189544"},"signature_type":"Function"}]}}],"schema_version":"1.7.5","credits":[{"name":"Harry Sintonen","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}