Byte Open Security (ByteOS Network)
CVE Vulnerability Details: CVE-2021-22947
PUBLISHED
Assigner: hackerone
Assigner Org ID: 36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At: 29 Sep, 2021 | 00:00
Updated At: 03 Aug, 2024 | 18:58
Rejected At: (none)

CVE Numbering Authority (CNA)

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data and uses STARTTLS to upgrade the connection to TLS, the server can send back multiple responses at once, which curl caches. curl would then upgrade to TLS but not flush the queue of cached responses; instead it continued to use and trust the responses it received *before* the TLS handshake as if they had been authenticated. Using this flaw, a Man-In-The-Middle attacker can first inject fake responses, then pass through the TLS traffic from the legitimate server, and trick curl into handing data back to the user as though the attacker's injected data had come from the TLS-protected server.
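To make the described behaviour concrete, the following is an added Python model (not curl's code, and not taken from the advisory) of a line-oriented response cache as an IMAP/POP3 client might keep it, run once without and once with flushing at the TLS upgrade. The IMAP lines are constructed sample data, and the class and function names are this example's own. The per-line `tls_active` flag is bookkeeping added for the demonstration so the result shows which lines were received in plaintext.

```python
from collections import deque

# Constructed sample: a single TCP read that carries the STARTTLS reply plus
# extra pipelined lines. Everything in this read arrived BEFORE the TLS
# handshake, so none of it is authenticated.
PRE_TLS_READ = (
    b"A001 OK Begin TLS negotiation now\r\n"
    b"* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\n"      # constructed plaintext line
    b"A002 OK CAPABILITY completed\r\n"           # constructed plaintext line
)
# Constructed sample: what the real server sends inside the TLS session.
POST_TLS_READ = b"* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2\r\n"


class ResponseQueue:
    """Cache of complete CRLF-terminated server lines (hypothetical name).

    flush_on_upgrade=False models the behaviour the CVE describes: cached
    plaintext lines survive the STARTTLS upgrade and are consumed later as
    if they were TLS-protected.  flush_on_upgrade=True discards them.
    """

    def __init__(self, flush_on_upgrade: bool):
        self.flush_on_upgrade = flush_on_upgrade
        self._lines = deque()      # (line, received_over_tls) pairs
        self._partial = b""        # trailing bytes without a CRLF yet
        self.tls_active = False

    def feed(self, data: bytes) -> None:
        """Split a socket read into complete lines, keeping any tail."""
        buf = self._partial + data
        *complete, self._partial = buf.split(b"\r\n")
        for line in complete:
            self._lines.append((line, self.tls_active))

    def pop(self):
        """Return the oldest cached (line, over_tls) pair, or None."""
        return self._lines.popleft() if self._lines else None

    def upgrade_to_tls(self) -> int:
        """Model the moment right after a successful STARTTLS handshake.

        Returns the number of cached plaintext lines (plus any partial
        line) that were discarded; 0 when flushing is disabled.
        """
        self.tls_active = True
        if not self.flush_on_upgrade:
            return 0
        dropped = len(self._lines) + (1 if self._partial else 0)
        self._lines.clear()
        self._partial = b""
        return dropped


def run_client(flush_on_upgrade: bool) -> dict:
    """Drive the queue through a STARTTLS upgrade on the constructed data.

    Returns {"dropped": n, "responses": [(line, over_tls), ...]} where
    responses are everything the client would act on after the upgrade.
    """
    q = ResponseQueue(flush_on_upgrade)
    q.feed(PRE_TLS_READ)
    q.pop()                          # consume the expected "OK Begin TLS" reply
    dropped = q.upgrade_to_tls()     # handshake happens here
    q.feed(POST_TLS_READ)            # first read inside the TLS session
    responses = []
    while (item := q.pop()) is not None:
        responses.append(item)
    return {"dropped": dropped, "responses": responses}


if __name__ == "__main__":
    for mode in (False, True):
        result = run_client(flush_on_upgrade=mode)
        print(f"flush_on_upgrade={mode}: dropped={result['dropped']}")
        for line, over_tls in result["responses"]:
            print("   ", "TLS      " if over_tls else "PLAINTEXT", line.decode())
```

Without flushing, the two plaintext lines are the first responses the client processes after the upgrade, which is exactly the window the description refers to; with flushing, only data read inside the TLS session reaches the caller. The check a reviewer would look for in any STARTTLS client is that the receive buffer is emptied at the point the handshake completes, as `upgrade_to_tls` does here.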

Affected Products
Vendor: n/a
Product: https://github.com/curl/curl
Versions affected:
  • curl 7.20.0 to and including 7.78.0

Problem Types
Type  CWE ID   Description
CWE   CWE-310  Cryptographic Issues - Generic (CWE-310)

Metrics
Version  Base score  Base severity  Vector
Metrics Other Info
Impacts
CAPEC ID  Description
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
Hyperlink [Resource]
https://hackerone.com/reports/1334763 [N/A]
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html [mailing-list]
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/ [vendor-advisory]
https://www.oracle.com/security-alerts/cpuoct2021.html [N/A]
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/ [vendor-advisory]
https://www.oracle.com/security-alerts/cpujan2022.html [N/A]
https://security.netapp.com/advisory/ntap-20211029-0003/ [N/A]
http://seclists.org/fulldisclosure/2022/Mar/29 [mailing-list]
https://www.oracle.com/security-alerts/cpuapr2022.html [N/A]
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf [N/A]
https://support.apple.com/kb/HT213183 [N/A]
https://www.oracle.com/security-alerts/cpujul2022.html [N/A]
https://www.debian.org/security/2022/dsa-5197 [vendor-advisory]
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html [mailing-list]
https://security.gentoo.org/glsa/202212-01 [vendor-advisory]
Authorized Data Publishers (ADP)
CVE Program Container
Affected Products, Metrics, Impacts, Solutions, Configurations, Workarounds, Exploits, Credits, Timeline, Replaced By, Rejected Reason: no entries.
References: the same list as in the CNA container above, with each entry additionally tagged x_transferred.