CVE-2021-22924 (CNNVD-202107-1569)

LOW
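Chinese title:
libcurl resource management error vulnerability
English title:
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if ...
CVSS score: 3.7
Published: 2021-08-05 20:16:56
Vulnerability type: Resource management error
Status: PUBLISHED
Data quality score: 0.30
Data version: v3
Vulnerability description
Chinese description: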

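libcurl is a tool for transferring data from or to a server. libcurl contains a resource management error vulnerability that stems from a logic error and may cause libcurl to reuse the wrong connection.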

English description:

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate.

CWE type:
CWE-20 CWE-706
Tags:
(No data)
Affected products
Vendor Product Version Version range Platform CPE
haxx libcurl * - - cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
fedoraproject fedora 33 - - cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
debian debian_linux 9.0 - - cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debian debian_linux 10.0 - - cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debian debian_linux 11.0 - - cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
netapp cloud_backup - - - cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
netapp clustered_data_ontap - - - cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
netapp solidfire_\&_hci_management_node - - - cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
netapp solidfire_baseboard_management_controller_firmware - - - cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
oracle mysql_server * - - cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.57 - - cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.58 - - cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.59 - - cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
siemens sinec_infrastructure_network_services * - - cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
siemens sinema_remote_connect_server * - - cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
siemens logo\!_cmr2040_firmware * - - cpe:2.3:o:siemens:logo\!_cmr2040_firmware:*:*:*:*:*:*:*:*
siemens logo\!_cmr2020_firmware * - - cpe:2.3:o:siemens:logo\!_cmr2020_firmware:*:*:*:*:*:*:*:*
siemens ruggedcomrm_1224_lte_firmware * - - cpe:2.3:o:siemens:ruggedcomrm_1224_lte_firmware:*:*:*:*:*:*:*:*
siemens scalance_m804pb_firmware * - - cpe:2.3:o:siemens:scalance_m804pb_firmware:*:*:*:*:*:*:*:*
siemens scalance_m812-1_firmware * - - cpe:2.3:o:siemens:scalance_m812-1_firmware:*:*:*:*:*:*:*:*
siemens scalance_m816-1_firmware * - - cpe:2.3:o:siemens:scalance_m816-1_firmware:*:*:*:*:*:*:*:*
siemens scalance_m826-2_firmware * - - cpe:2.3:o:siemens:scalance_m826-2_firmware:*:*:*:*:*:*:*:*
siemens scalance_m874-2_firmware * - - cpe:2.3:o:siemens:scalance_m874-2_firmware:*:*:*:*:*:*:*:*
siemens scalance_m874-3_firmware * - - cpe:2.3:o:siemens:scalance_m874-3_firmware:*:*:*:*:*:*:*:*
siemens scalance_m876-3_firmware * - - cpe:2.3:o:siemens:scalance_m876-3_firmware:*:*:*:*:*:*:*:*
siemens scalance_m876-4_firmware * - - cpe:2.3:o:siemens:scalance_m876-4_firmware:*:*:*:*:*:*:*:*
siemens scalance_mum856-1_firmware * - - cpe:2.3:o:siemens:scalance_mum856-1_firmware:*:*:*:*:*:*:*:*
siemens scalance_s615_firmware * - - cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*
siemens simatic_cp_1543-1_firmware * - - cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*
siemens simatic_cp_1545-1_firmware * - - cpe:2.3:o:siemens:simatic_cp_1545-1_firmware:*:*:*:*:*:*:*:*
siemens simatic_rtu3010c_firmware * - - cpe:2.3:o:siemens:simatic_rtu3010c_firmware:*:*:*:*:*:*:*:*
siemens simatic_rtu3030c_firmware * - - cpe:2.3:o:siemens:simatic_rtu3030c_firmware:*:*:*:*:*:*:*:*
siemens simatic_rtu3031c_firmware * - - cpe:2.3:o:siemens:simatic_rtu3031c_firmware:*:*:*:*:*:*:*:*
siemens simatic_rtu_3041c_firmware * - - cpe:2.3:o:siemens:simatic_rtu_3041c_firmware:*:*:*:*:*:*:*:*
siemens sinema_remote_connect * - - cpe:2.3:a:siemens:sinema_remote_connect:*:*:*:*:*:*:*:*
siemens siplus_net_cp_1543-1_firmware * - - cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*
splunk universal_forwarder * - - cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
splunk universal_forwarder 9.1.0 - - cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
Solution
Chinese solution:
(No data)
English solution:
(No data)
Temporary workaround:
(No data)
Reference links
Untitled, x_refsource_MISC (cve.org)
FEDORA-2021-5d21b90a30, vendor-advisory (cve.org)
[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update, mailing-list (cve.org)
[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image, mailing-list (cve.org)
[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image, mailing-list (cve.org)
[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image, mailing-list (cve.org)
[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image, mailing-list (cve.org)
Untitled, x_refsource_MISC (cve.org)
Untitled, x_refsource_CONFIRM (cve.org)
Untitled, x_refsource_MISC (cve.org)
Untitled, x_refsource_CONFIRM (cve.org)
Untitled, x_refsource_CONFIRM (cve.org)
Untitled, x_refsource_CONFIRM (cve.org)
DSA-5197, vendor-advisory (cve.org)
[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update, mailing-list (cve.org)
CVSS score details
3.1 (adp)
LOW
3.7
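CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Confidentiality
LOW
Integrity
NONE
Availability
NONE
Timestamps
Published:
2021-08-05 20:16:56
Modified:
2025-06-09 15:02:19
Created:
2025-11-11 15:36:40
Updated:
2025-11-11 15:56:48
Exploit information
No exploit code information available
Data source details
Data source Record ID Version Extraction time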
CVE cve_CVE-2021-22924 2025-11-11 15:20:49 2025-11-11 07:36:40
NVD nvd_CVE-2021-22924 2025-11-11 14:57:40 2025-11-11 07:45:00
CNNVD cnnvd_CNNVD-202107-1569 2025-11-11 15:10:41 2025-11-11 07:56:48
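Version and language
Current version: v3
Primary language: EN
Supported languages:
EN ZH
Security advisories
No security advisory information available
Change history
v3 CNNVD
2025-11-11 15:56:48
vulnerability_type: not extracted → Resource management error; cnnvd_id: not extracted → CNNVD-202107-1569; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']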
v2 NVD
2025-11-11 15:45:00
affected_products_count: 0 → 38; data_sources: ['cve'] → ['cve', 'nvd']