openEuler update for curl
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2021-22925 CVE-2021-22926 |
| CWE-ID | CWE-457 CWE-295 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system curl-help Operating systems & Components / Operating system package or component libcurl-devel Operating systems & Components / Operating system package or component curl-debugsource Operating systems & Components / Operating system package or component libcurl Operating systems & Components / Operating system package or component curl-debuginfo Operating systems & Components / Operating system package or component curl Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Use of Uninitialized Variable
EUVDB-ID: #VU55149
Risk: Medium
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22925
CWE-ID:
CWE-457 - Use of Uninitialized Variable
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to usage of uninitialized variable in code, responsible for processing TELNET requests when parsing NEW_ENV variables. A remote attacker can force the affected application to connect to a telnet server under attackers control and read up to 1800 bytes from the uninitialized memory on the libcurl client system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 20.03 LTS SP2
curl-help: before 7.71.1-10
libcurl-devel: before 7.71.1-10
curl-debugsource: before 7.71.1-10
libcurl: before 7.71.1-10
curl-debuginfo: before 7.71.1-10
curl: before 7.71.1-10
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1321
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Certificate Validation
EUVDB-ID: #VU55147
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22926
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to an error in the CURLOPT_SSLCERT option mixup with TLS library Secure Transport. A remote attacker can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 20.03 LTS SP2
curl-help: before 7.71.1-10
libcurl-devel: before 7.71.1-10
curl-debugsource: before 7.71.1-10
libcurl: before 7.71.1-10
curl-debuginfo: before 7.71.1-10
curl: before 7.71.1-10
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1321
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
