Improper Certificate Validation in cURL - CVE-2021-22926
Published: July 21, 2021
Vulnerability identifier: #VU55147
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-22926
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: curl.haxx.se
Affected software:
cURL
cURL
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to an error in the CURLOPT_SSLCERT option mixup with TLS library Secure Transport. A remote attacker can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.
How to mitigate CVE-2021-22926
Install updates from vendor's website.