{"id":"CURL-CVE-2021-22924","summary":"Bad connection reuse due to flawed path name checks","details":"libcurl keeps previously used connections in a connection pool for subsequent\ntransfers to reuse, if one of them matches the setup.\n\nDue to errors in the logic, the config matching function did not take 'issuer\ncert' into account and it compared the involved paths *case insensitively*,\nwhich could lead to libcurl reusing wrong connections.\n\nFile paths are, or can be, case sensitive on many systems but not all, and can\neven vary depending on used file systems.\n\nThe comparison also did not include the 'issuer cert' which a transfer can set\nto qualify how to verify the server certificate.","aliases":["CVE-2021-22924"],"modified":"2026-05-27T02:29:09.922272Z","published":"2021-07-21T08:00:00Z","database_specific":{"affects":"both","severity":"Medium","package":"curl","URL":"https://curl.se/docs/CVE-2021-22924.json","issue":"https://hackerone.com/reports/1223565","CWE":{"desc":"Improper Certificate Validation","id":"CWE-295"},"www":"https://curl.se/docs/CVE-2021-22924.html","last_affected":"7.77.0","award":{"currency":"USD","amount":"1200"}},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.10.4"},{"fixed":"7.78.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"89721ff04af70f527baae1368f3b992777bf6526"},{"fixed":"5ea3145850ebff1dc2b13d17440300a01ca38161"}]}],"versions":["7.77.0","7.76.1","7.76.0","7.75.0","7.74.0","7.73.0","7.72.0","7.71.1","7.71.0","7.70.0","7.69.1","7.69.0","7.68.0","7.67.0","7.66.0","7.65.3","7.65.2","7.65.1","7.65.0","7.64.1","7.64.0","7.63.0","7.62.0","7.61.1","7.61.0","7.60.0","7.59.0","7.58.0","7.57.0","7.56.1","7.56.0","7.55.1","7.55.0","7.54.1","7.54.0","7.53.1","7.53.0","7.52.1","7.52.0","7.51.0","7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","7.49.0","7.48.0","7.47.1","7.47.0","7.46.0","7.45.0","7.44.0","7.43.0","7.42.1","7.42.0","7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","7.35.0","7.34.0","7.33.0","7.32.0","7.31.0","7.30.0","7.29.0","7.28.1","7.28.0","7.27.0","7.26.0","7.25.0","7.24.0","7.23.1","7.23.0","7.22.0","7.21.7","7.21.6","7.21.5","7.21.4","7.21.3","7.21.2","7.21.1","7.21.0","7.20.1","7.20.0","7.19.7","7.19.6","7.19.5","7.19.4","7.19.3","7.19.2","7.19.1","7.19.0","7.18.2","7.18.1","7.18.0","7.17.1","7.17.0","7.16.4","7.16.3","7.16.2","7.16.1","7.16.0","7.15.5","7.15.4","7.15.3","7.15.2","7.15.1","7.15.0","7.14.1","7.14.0","7.13.2","7.13.1","7.13.0","7.12.3","7.12.2","7.12.1","7.12.0","7.11.2","7.11.1","7.11.0","7.10.8","7.10.7","7.10.6","7.10.5","7.10.4","curl-7_77_0","curl-7_76_1","curl-7_76_0","curl-7_75_0","curl-7_74_0","curl-7_73_0","tiny-curl-7_72_0","curl-7_72_0","curl-7_71_1","curl-7_71_0","curl-7_70_0","curl-7_69_1","curl-7_69_0","curl-7_68_0","curl-7_67_0","curl-7_66_0","curl-7_65_3","curl-7_65_2","curl-7_65_1","curl-7_65_0","curl-7_64_1","curl-7_64_0","curl-7_63_0","curl-7_62_0","curl-7_61_1","curl-7_61_0","curl-7_60_0","curl-7_59_0","curl-7_58_0","curl-7_57_0","curl-7_56_1","curl-7_56_0","curl-7_55_1","curl-7_55_0","curl-7_54_1","curl-7_54_0","curl-7_53_1","curl-7_53_0","curl-7_52_1","curl-7_52_0","curl-7_51_0","curl-7_50_3","curl-7_50_2","curl-7_50_1","curl-7_50_0","curl-7_49_1","curl-7_49_0","curl-7_48_0","curl-7_47_1","curl-7_47_0","curl-7_46_0","curl-7_45_0","curl-7_44_0","curl-7_43_0","curl-7_42_1","curl-7_42_0","curl-7_41_0","curl-7_40_0","curl-7_39_0","curl-7_38_0","curl-7_37_1","curl-7_37_0","curl-7_36_0","curl-7_35_0","curl-7_34_0","curl-7_33_0","curl-7_32_0","curl-7_31_0","curl-7_30_0","curl-7_29_0","curl-7_28_1","curl-7_28_0","curl-7_27_0","curl-7_26_0","curl-7_25_0","curl-7_24_0","curl-7_23_1","curl-7_23_0","curl-7_22_0","curl-7_21_7","curl-7_21_6","curl-7_21_5","curl-7_21_4","curl-7_21_3","curl-7_21_2","curl-7_21_1","curl-7_21_0","curl-7_20_1","curl-7_20_0","curl-7_19_7","curl-7_19_6","curl-7_19_5","curl-7_19_4","curl-7_19_3","curl-7_19_2","curl-7_19_1","curl-7_19_0","curl-7_18_2","curl-7_18_1","curl-7_18_0","curl-7_17_1","curl-7_17_0","curl-7_17_0-preldapfix","curl-7_16_4","curl-7_16_3","curl-7_16_2","curl-7_16_1","curl-7_16_0","curl-7_15_6-prepipeline","curl-7_15_5","curl-7_15_4","curl-7_15_3","curl-7_15_2","curl-7_15_1","curl-7_15_0","curl-7_14_1","curl-7_14_0","curl-7_13_2","curl-7_13_1","before_ftp_statemachine","curl-7_13_0","curl-7_12_3","curl-7_12_2","curl-7_12_1","curl-7_12_0","curl-7_11_2","curl-7_11_1","curl-7_11_0","curl-7_10_8","curl-7_10_7","curl-7_10_6","curl-7_10_5","curl-7_10_4"],"database_specific":{"vanir_signatures_modified":"2026-05-27T02:29:09Z","source":"https://curl.se/docs/CURL-CVE-2021-22924.json","vanir_signatures":[{"target":{"file":"lib/vtls/vtls.c","function":"Curl_ssl_config_matches"},"source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","digest":{"function_hash":"160738917255142178955719735977220262662","length":959},"id":"CURL-CVE-2021-22924-000012e9","deprecated":false,"signature_type":"Function","signature_version":"v1"},{"target":{"file":"lib/vtls/vtls.c","function":"Curl_clone_primary_ssl_config"},"source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","digest":{"function_hash":"242173141107224124593678877270860419379","length":607},"id":"CURL-CVE-2021-22924-3090f164","deprecated":false,"signature_type":"Function","signature_version":"v1"},{"target":{"file":"lib/vtls/gtls.c"},"source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","digest":{"line_hashes":["92808530411196095553505616157115942300","45908650368393808521057200267284180006","65749180650725409552700972312456308709","279012087684869453557416819277899115117","103860506802024578069238006428027510678","71080160458351588707589298016896833413","8573403993379032944205432985058103251","290296481367090699367906201443546441822","164156621551702113882480748469909602192","37439760373268398819219735979266640793","264559488954933425065606112307380306297","147768301069492776064288891387278737600","24189586831723203088695513291558074805","101764922127543190502463200563219920239","195374512285048170792986521670755682324","4653310523144342939875486544856805823","153496304968905480299042061006678310230","25698682391873307635810879422215793501","19364255763905544985647682997849314189","201295286300248511913340915835683442594","241785596331168220846828305650148360325","9760484766662901931555145842670872098"],"threshold":0.9},"id":"CURL-CVE-2021-22924-462e4343","deprecated":false,"signature_type":"Line","signature_version":"v1"},{"target":{"file":"lib/url.c"},"source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","digest":{"line_hashes":["293346117710277402906988127379890480911","318951684812481869243577089894720244646","18170087799223666007426473235044785551","266187893201071675177604364123925103853","171260927682318293961594133787203067126","328809578005112650065821281926250553108","225365005245117342631172596991759472217","153111872541287374148010254532861402235","84844479104922469123145650136873381337","2839830162856843112537799467360632339","93781514207428267086035567221395752890","46550453571787906225150361732149447396","112115463682973560938950716028849298333","234419127224589967834346841740175619327","182311796693765693336368824111205311935","286586140641224583010268132967431241219","4549786900216407333280300744289060178","235038765624297746982724450876579261780","229353987035307832145937329149868806857"],"threshold":0.9},"id":"CURL-CVE-2021-22924-5ffc7054","deprecated":false,"signature_type":"Line","signature_version":"v1"},{"target":{"file":"lib/url.c","function":"create_conn"},"source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","digest":{"function_hash":"248677399743325539643140681582998464273","length":10376},"id":"CURL-CVE-2021-22924-65c5d3c9","deprecated":false,"signature_type":"Function","signature_version":"v1"},{"target":{"file":"lib/vtls/openssl.c"},"source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","digest":{"line_hashes":["15757231600732059158571126738210615864","117297194168511139335890601047691353274","138162738216625249823585872246671233443","147188775421521834898568518394550291605","89737260241347709804384695839942085590","318509396129690063523857738033106073097","264506098599363399822308635250389899908","274912860633912436608852698371101886353","226691280622271496660979682611784869483","175500027849282046470475612004391296625","134520456038036498335310997176798181588","205513155513630399959947656952210446268","204905006960169871119557553463088111225","175021463767232054193704746405311102677","23693625037367047861775064605680333386","191429445508757613753957535825142679963","302591730111736563819300950364465242614","97438422859912533387679836331737701037","330330332109499592883786629861615514265","290099400450357343265566085917158862950","120537013791886103479240535362162086080","97438422859912533387679836331737701037","237171504862118343897598936381192612659","251045997626051927972639140287717601528","269951754765483649621071236782919165257","339782191851451572074317887953510321708"],"threshold":0.9},"id":"CURL-CVE-2021-22924-7abb74e2","deprecated":false,"signature_type":"Line","signature_version":"v1"},{"target":{"file":"lib/vtls/vtls.c"},"source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","digest":{"line_hashes":["178881535967346012844534644950804721617","15491625948753420841440374743570172541","149040547399085134523628283748476493915","286074142602130352306206274787889650603","103783743252185635213364904057627986924","44523985181067970189430356034193698845","147519152362249048856319206821814615632","123610764079018646825744040587986639482","28491497157451483591521087165952964885","105828568507482087968053650094540196569","17155300917969481069162815139569642501","149565981473750260567049695066475562244","146674854162478022566779611378330929397","105484363866334435499468113053511255352","68161695637551885713435561732280354275","171075501572669003584871720241871200760","86740406311077208702415908789574493621","30847945595387687381109931342760330654","283094443084957324069752826618452617396","333470389671590736452140016651734855648","252195360132147883602387796286157002936","118425473015913311769827279452339033834","227482610010153162648074697399567504837","285656102205084817448009996583162641794","99864908992219397062017706828922638924"],"threshold":0.9},"id":"CURL-CVE-2021-22924-7fb98150","deprecated":false,"signature_type":"Line","signature_version":"v1"},{"target":{"file":"lib/vtls/nss.c"},"source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","digest":{"line_hashes":["253668304373867434131915883306279004843","6098749495236049606845501337078767604","113464609033696595307876047359290863092","161304663542919207107361156362112408225","157523912409415977762975736989244532732","37453528659375637919847176861485781957"],"threshold":0.9},"id":"CURL-CVE-2021-22924-eed09ef4","deprecated":false,"signature_type":"Line","signature_version":"v1"},{"target":{"file":"lib/urldata.h"},"source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","digest":{"line_hashes":["277716173613333568270939873035932733905","243994665543004312243278186090819898326","333476890002922296191737523957188975406","108423462039099165372816647138974532328","301060764247840366787304667459951704429","143735507196655671240203607573988264066","106868650378686105475000263083078756885","204940380738548914723598794478466999600","251236219414679271158809357203900416385","18636468102943303674640048193104463704","194848697343772866306771499694126487788","201842751165840359112817185535784797224","175665670781964598315672527609109373936"],"threshold":0.9},"id":"CURL-CVE-2021-22924-f21819f5","deprecated":false,"signature_type":"Line","signature_version":"v1"},{"target":{"file":"lib/vtls/vtls.c","function":"Curl_free_primary_ssl_config"},"source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","digest":{"function_hash":"287691148767475833575965157359727109255","length":414},"id":"CURL-CVE-2021-22924-fb15ac30","deprecated":false,"signature_type":"Function","signature_version":"v1"}]}}],"schema_version":"1.7.5","credits":[{"name":"Harry Sintonen","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}