Headline
CVE-2021-22897: curl - schannel cipher selection surprise
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single “static” variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
Project curl Security Advisory, May 26th 2021 - Permalink
VULNERABILITY
libcurl lets applictions specify which specific TLS ciphers to use in transfers, using the option called CURLOPT_SSL_CIPHER_LIST. The cipher selection is used for the TLS negotation when a transfer is done involving any of the TLS based transfer protocols libcurl supports, such as HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
Due to a mistake in the code, the selected cipher set was stored in a single “static” variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
We are not aware of any exploit of this flaw.
INFO
This flaw has existed in libcurl since commit 9aefbff30d280c60fc in libcurl 7.61.0, released on July 11, 2018.
It can only trigger when Schannel is used, which is the native TLS library in Microsoft Windows.
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2021-22897 to this issue.
CWE-488: Exposure of Data Element to Wrong Session
Severity: Low
AFFECTED VERSIONS
This issue only exists when libcurl is built to use Schannel.
- Affected versions: libcurl 7.61.0 to and including 7.76.1
- Not affected versions: libcurl < 7.61.0 and libcurl >= 7.77.0
Also note that libcurl is used by many applications, and not always advertised as such.
THE SOLUTION
Store the cipher selection in data associated with the connection.
A fix for CVE-2021-22897
RECOMMENDATIONS
If you’re using an Schannel based libcurl, We suggest you take one of the following actions immediately, in order of preference:
A - Upgrade libcurl to version 7.77.0
B - Apply the patch to your local version
C - Avoid using CURLOPT_SSL_CIPHER_LIST
TIMELINE
This issue was reported to the curl project on April 23, 2021.
This advisory was posted on May 26, 2021.
CREDITS
- Reported-by: Harry Sintonen
- Patched-by: Daniel Stenberg
Thanks a lot!
Related news
Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically i...