{"id":"CURL-CVE-2021-22924","summary":"Bad connection reuse due to flawed path name checks","details":"libcurl keeps previously used connections in a connection pool for subsequent\ntransfers to reuse, if one of them matches the setup.\n\nDue to errors in the logic, the config matching function did not take 'issuer\ncert' into account and it compared the involved paths *case insensitively*,\nwhich could lead to libcurl reusing wrong connections.\n\nFile paths are, or can be, case sensitive on many systems but not all, and can\neven vary depending on used file systems.\n\nThe comparison also did not include the 'issuer cert' which a transfer can set\nto qualify how to verify the server certificate.","aliases":["CVE-2021-22924"],"modified":"2024-06-07T13:53:51Z","published":"2021-07-21T08:00:00Z","database_specific":{"severity":"Medium","CWE":{"desc":"Improper Certificate Validation","id":"CWE-295"},"package":"curl","award":{"amount":"1200","currency":"USD"},"affects":"both","www":"https://curl.se/docs/CVE-2021-22924.html","URL":"https://curl.se/docs/CVE-2021-22924.json","last_affected":"7.77.0","issue":"https://hackerone.com/reports/1223565"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.10.4"},{"fixed":"7.78.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"89721ff04af70f527baae1368f3b992777bf6526"},{"fixed":"5ea3145850ebff1dc2b13d17440300a01ca38161"}]}],"versions":["7.77.0","7.76.1","7.76.0","7.75.0","7.74.0","7.73.0","7.72.0","7.71.1","7.71.0","7.70.0","7.69.1","7.69.0","7.68.0","7.67.0","7.66.0","7.65.3","7.65.2","7.65.1","7.65.0","7.64.1","7.64.0","7.63.0","7.62.0","7.61.1","7.61.0","7.60.0","7.59.0","7.58.0","7.57.0","7.56.1","7.56.0","7.55.1","7.55.0","7.54.1","7.54.0","7.53.1","7.53.0","7.52.1","7.52.0","7.51.0","7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","7.49.0","7.48.0","7.47.1","7.47.0","7.46.0","7.45.0","7.44.0","7.43.0","7.42.1","7.42.0","7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","7.35.0","7.34.0","7.33.0","7.32.0","7.31.0","7.30.0","7.29.0","7.28.1","7.28.0","7.27.0","7.26.0","7.25.0","7.24.0","7.23.1","7.23.0","7.22.0","7.21.7","7.21.6","7.21.5","7.21.4","7.21.3","7.21.2","7.21.1","7.21.0","7.20.1","7.20.0","7.19.7","7.19.6","7.19.5","7.19.4","7.19.3","7.19.2","7.19.1","7.19.0","7.18.2","7.18.1","7.18.0","7.17.1","7.17.0","7.16.4","7.16.3","7.16.2","7.16.1","7.16.0","7.15.5","7.15.4","7.15.3","7.15.2","7.15.1","7.15.0","7.14.1","7.14.0","7.13.2","7.13.1","7.13.0","7.12.3","7.12.2","7.12.1","7.12.0","7.11.2","7.11.1","7.11.0","7.10.8","7.10.7","7.10.6","7.10.5","7.10.4"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2021-22924.json","vanir_signatures":[{"deprecated":false,"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","target":{"file":"lib/vtls/vtls.c","function":"Curl_ssl_config_matches"},"digest":{"length":959,"function_hash":"160738917255142178955719735977220262662"},"signature_type":"Function","id":"CURL-CVE-2021-22924-000012e9"},{"deprecated":false,"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","target":{"file":"lib/vtls/vtls.c","function":"Curl_clone_primary_ssl_config"},"digest":{"length":607,"function_hash":"242173141107224124593678877270860419379"},"signature_type":"Function","id":"CURL-CVE-2021-22924-3090f164"},{"deprecated":false,"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","target":{"file":"lib/vtls/gtls.c"},"digest":{"threshold":0.9,"line_hashes":["92808530411196095553505616157115942300","45908650368393808521057200267284180006","65749180650725409552700972312456308709","279012087684869453557416819277899115117","103860506802024578069238006428027510678","71080160458351588707589298016896833413","8573403993379032944205432985058103251","290296481367090699367906201443546441822","164156621551702113882480748469909602192","37439760373268398819219735979266640793","264559488954933425065606112307380306297","147768301069492776064288891387278737600","24189586831723203088695513291558074805","101764922127543190502463200563219920239","195374512285048170792986521670755682324","4653310523144342939875486544856805823","153496304968905480299042061006678310230","25698682391873307635810879422215793501","19364255763905544985647682997849314189","201295286300248511913340915835683442594","241785596331168220846828305650148360325","9760484766662901931555145842670872098"]},"signature_type":"Line","id":"CURL-CVE-2021-22924-462e4343"},{"deprecated":false,"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","target":{"file":"lib/url.c"},"digest":{"threshold":0.9,"line_hashes":["293346117710277402906988127379890480911","318951684812481869243577089894720244646","18170087799223666007426473235044785551","266187893201071675177604364123925103853","171260927682318293961594133787203067126","328809578005112650065821281926250553108","225365005245117342631172596991759472217","153111872541287374148010254532861402235","84844479104922469123145650136873381337","2839830162856843112537799467360632339","93781514207428267086035567221395752890","46550453571787906225150361732149447396","112115463682973560938950716028849298333","234419127224589967834346841740175619327","182311796693765693336368824111205311935","286586140641224583010268132967431241219","4549786900216407333280300744289060178","235038765624297746982724450876579261780","229353987035307832145937329149868806857"]},"signature_type":"Line","id":"CURL-CVE-2021-22924-5ffc7054"},{"deprecated":false,"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","target":{"file":"lib/url.c","function":"create_conn"},"digest":{"length":10376,"function_hash":"248677399743325539643140681582998464273"},"signature_type":"Function","id":"CURL-CVE-2021-22924-65c5d3c9"},{"deprecated":false,"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","target":{"file":"lib/vtls/openssl.c"},"digest":{"threshold":0.9,"line_hashes":["15757231600732059158571126738210615864","117297194168511139335890601047691353274","138162738216625249823585872246671233443","147188775421521834898568518394550291605","89737260241347709804384695839942085590","318509396129690063523857738033106073097","264506098599363399822308635250389899908","274912860633912436608852698371101886353","226691280622271496660979682611784869483","175500027849282046470475612004391296625","134520456038036498335310997176798181588","205513155513630399959947656952210446268","204905006960169871119557553463088111225","175021463767232054193704746405311102677","23693625037367047861775064605680333386","191429445508757613753957535825142679963","302591730111736563819300950364465242614","97438422859912533387679836331737701037","330330332109499592883786629861615514265","290099400450357343265566085917158862950","120537013791886103479240535362162086080","97438422859912533387679836331737701037","237171504862118343897598936381192612659","251045997626051927972639140287717601528","269951754765483649621071236782919165257","339782191851451572074317887953510321708"]},"signature_type":"Line","id":"CURL-CVE-2021-22924-7abb74e2"},{"deprecated":false,"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","target":{"file":"lib/vtls/vtls.c"},"digest":{"threshold":0.9,"line_hashes":["178881535967346012844534644950804721617","15491625948753420841440374743570172541","149040547399085134523628283748476493915","286074142602130352306206274787889650603","103783743252185635213364904057627986924","44523985181067970189430356034193698845","147519152362249048856319206821814615632","123610764079018646825744040587986639482","28491497157451483591521087165952964885","105828568507482087968053650094540196569","17155300917969481069162815139569642501","149565981473750260567049695066475562244","146674854162478022566779611378330929397","105484363866334435499468113053511255352","68161695637551885713435561732280354275","171075501572669003584871720241871200760","86740406311077208702415908789574493621","30847945595387687381109931342760330654","283094443084957324069752826618452617396","333470389671590736452140016651734855648","252195360132147883602387796286157002936","118425473015913311769827279452339033834","227482610010153162648074697399567504837","285656102205084817448009996583162641794","99864908992219397062017706828922638924"]},"signature_type":"Line","id":"CURL-CVE-2021-22924-7fb98150"},{"deprecated":false,"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","target":{"file":"lib/vtls/nss.c"},"digest":{"threshold":0.9,"line_hashes":["253668304373867434131915883306279004843","6098749495236049606845501337078767604","113464609033696595307876047359290863092","161304663542919207107361156362112408225","157523912409415977762975736989244532732","37453528659375637919847176861485781957"]},"signature_type":"Line","id":"CURL-CVE-2021-22924-eed09ef4"},{"deprecated":false,"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","target":{"file":"lib/urldata.h"},"digest":{"threshold":0.9,"line_hashes":["277716173613333568270939873035932733905","243994665543004312243278186090819898326","333476890002922296191737523957188975406","108423462039099165372816647138974532328","301060764247840366787304667459951704429","143735507196655671240203607573988264066","106868650378686105475000263083078756885","204940380738548914723598794478466999600","251236219414679271158809357203900416385","18636468102943303674640048193104463704","194848697343772866306771499694126487788","201842751165840359112817185535784797224","175665670781964598315672527609109373936"]},"signature_type":"Line","id":"CURL-CVE-2021-22924-f21819f5"},{"deprecated":false,"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/5ea3145850ebff1dc2b13d17440300a01ca38161","target":{"file":"lib/vtls/vtls.c","function":"Curl_free_primary_ssl_config"},"digest":{"length":414,"function_hash":"287691148767475833575965157359727109255"},"signature_type":"Function","id":"CURL-CVE-2021-22924-fb15ac30"}]}}],"schema_version":"1.7.3","credits":[{"name":"Harry Sintonen","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}