Main Vulnerability Database Vulnerabilities #VU55146

#VU55146 Improper Certificate Validation in cURL - CVE-2021-22924

Published: July 21, 2021

Vulnerability identifier: #VU55146

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-22924

CWE-ID: CWE-295

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
cURL

Software vendor:
curl.haxx.se

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to errors in the logic when the config matching function does not take "issuer cert" into account and it compares the involved paths case insensitively. A remote attacker can gain access to sensitive information on the system.

Remediation

Install updates from vendor's website.

External links

https://curl.haxx.se/docs/CVE-2021-22924.html

#VU55146 Improper Certificate Validation in cURL - CVE-2021-22924

Description

Remediation

External links

Please verify you're human