Wednesday, September 22, 2021

Ubuntu: USN-5079-1 (CVE-2021-22945): curl vulnerabilities

Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-5079-1:

It was discovered that curl incorrectly handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-22945)

Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. (CVE-2021-22946)

Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947)

Solution(s)
  • ubuntu-upgrade-curl
  • ubuntu-upgrade-libcurl3-gnutls
  • ubuntu-upgrade-libcurl3-nss
  • ubuntu-upgrade-libcurl4


References
  • USN-5079-1
  • USN-5079-2
  • CVE-2021-22945



