openEuler 20.03 LTS SP1 update for curl
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2021-22897 CVE-2021-22898 |
| CWE-ID | CWE-326 CWE-457 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system curl-help Operating systems & Components / Operating system package or component curl-debuginfo Operating systems & Components / Operating system package or component libcurl-devel Operating systems & Components / Operating system package or component libcurl Operating systems & Components / Operating system package or component curl-debugsource Operating systems & Components / Operating system package or component curl Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Inadequate encryption strength
EUVDB-ID: #VU53584
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22897
CWE-ID:
CWE-326 - Inadequate Encryption Strength
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to force applications use weak cryptographic ciphers.
The vulnerability exists due to a logic error when selecting TLS ciphers during connection via the CURLOPT_SSL_CIPHER_LIST option in libcurl. The selected cipher set was stored in a single "static" variable in the library that is used for multiple concurrent transfers within the specific application, the last one that sets the ciphers will accidentally control the set used by all transfers.
The vulnerability can be triggered when Schannel is used, which is the native TLS library in Microsoft Windows.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
curl-help: before 7.71.1-7
curl-debuginfo: before 7.71.1-7
libcurl-devel: before 7.71.1-7
libcurl: before 7.71.1-7
curl-debugsource: before 7.71.1-7
curl: before 7.71.1-7
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1216
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of uninitialized variable
EUVDB-ID: #VU53587
Risk: Medium
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22898
CWE-ID:
CWE-457 - Use of Uninitialized Variable
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to usage of uninitialized variable in code, responsible for processing TELNET requests when parsing NEW_ENV variables. A remote attacker can force the affected application to connect to a telnet server under attackers control and read up to 1800 bytes from the uninitialized memory on the libcurl client system.
Proof of concept:
curl telnet://example.com -tNEW_ENV=a,bbbbbb (256 'b's)Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
curl-help: before 7.71.1-7
curl-debuginfo: before 7.71.1-7
libcurl-devel: before 7.71.1-7
libcurl: before 7.71.1-7
curl-debugsource: before 7.71.1-7
curl: before 7.71.1-7
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1216
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
