ID

VAR-202104-0334


CVE

CVE-2021-22876


TITLE

Debian Security Advisory 4881-1

Trust: 0.1

sources: PACKETSTORM: 169015

DESCRIPTION

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. This could lead to exposure of the credentials to the server to which requests were redirected. (CVE-2021-22876) A vulnerability was found in curl where a flaw in the option parser for sending NEW_ENV variables libcurl can pass uninitialized data from a stack-based buffer to the server. The highest threat from this vulnerability is to confidentiality. (CVE-2021-22898). CVE-2020-8177 sn reported that curl could be tricked by a malicious server into overwriting a local file when using th -J (--remote-header-name) and -i (--include) options in the same command line. CVE-2020-8231 Marc Aldorasi reported that libcurl might use the wrong connection when an application using libcurl's multi API sets the option CURLOPT_CONNECT_ONLY, which could lead to information leaks. CVE-2020-8284 Varnavas Papaioannou reported that a malicious server could use the PASV response to trick curl into connecting back to an arbitrary IP address and port, potentially making curl extract information about services that are otherwise private and not disclosed. CVE-2020-8285 xnynx reported that libcurl could run out of stack space when using tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION). CVE-2020-8286 It was reported that libcurl didn't verify that an OCSP response actually matches the certificate it is intended to. CVE-2021-22890 Mingtao Yang reported that, when using an HTTPS proxy and TLS 1.3, libcurl could confuse session tickets arriving from the HTTPS proxy as if they arrived from the remote server instead. This could allow an HTTPS proxy to trick libcurl into using the wrong session ticket for the host and thereby circumvent the server TLS certificate check. For the stable distribution (buster), these problems have been fixed in version 7.64.0-4+deb10u2. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAmBkQCoACgkQbwzL4CFi Ryg6Gg/+LqhhJ8+D7skevVkYzxHzdH2yT/XMeoYp0D37yHmEfH9PyjXwfplG+XEw /xwFRBK8qxD1ja+rQddYyeTvi1OMnMgMS3UsRHlfeMnLxh2+oHnvHDYG848npUEZ Rq4YFoc/n9YTAJZP/G4oiuBeXqH2Sqa5hSNT6VrYfRciCxkYnzA78b85KpI8aYyR lhfiJMNpwrqDbt/QzblpELBkGMIV402VeiqDwHfcVzm2E810xXQNLvPMbWtvDYkA TSrNsdqfuFr1tuQSZY6CGSWEyXtB/tOo8+pvUixlJMBWJMl5TXEcJkD5ckehx0yb C3n9yapfklxHiG9lD4zwwIJDqd3Y4SxdDiSlUC4OhdvpwniMygX0S3ICaPA4iac/ cWanml0Fop3OmRy+vQURTd3sADoT5HoRSUXZVU+HdTrRaEt2xs5okZkWSd3yr4Ux i+HgjUAFkkk8DLRB68Bbpx1LGxFGQT7L8yd4wsWINXlzASIP1A5dnNfE5w0VWOHG 3KDq47wNfjuiZC8GXW+HQCxz5MijnS8Y/Egl0OozNFDwEitNBZEsIjpZaZBdZIwi UFfcK7+u/y/TRY54rA4erkdcHFwpYW5EZVGdb7Z+WPWVlzw0ImXrM68LSAhHQaqW 1Hx4VwwwTsMIPnrx2kriRiiDPOW1r5Kip3yHa+QZLedSRGibQWk= =001T -----END PGP SIGNATURE----- . Bugs fixed (https://bugzilla.redhat.com/): 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable 6. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. 1964887 - CVE-2021-22898 curl: TELNET stack contents disclosure 1970902 - CVE-2021-22925 curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: rh-dotnet31-curl security update Advisory ID: RHSA-2022:1354-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1354 Issue date: 2022-04-13 CVE Names: CVE-2021-22876 CVE-2021-22924 CVE-2021-22946 CVE-2021-22947 ==================================================================== 1. Summary: An update for rh-dotnet31-curl is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Security Fix(es): * curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876) * curl: Bad connection reuse due to flawed path name checks (CVE-2021-22924) * curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols (CVE-2021-22946) * curl: Server responses received before STARTTLS processed after TLS handshake (CVE-2021-22947) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks 2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols 2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22924 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYlb3SNzjgjWX9erEAQgpXg/5AT2Nh6ff5mqlZ7dY4dfRgIFgwWOFbvsL 7SHL2ScZJGC2ArXHw9ZpL6XqOZlNm6LGy3V9py4CTEt3lSOl1i3NG4LBKjA7tnea C0l327UhJZqwg1NtZzuhfJTjngxY+09PKNF9X9ULfISZAU0LJlA32VsY/Aw3r2Pu tPx+v+xFKHov+lCT9M75Y7gd0O1McWRwnLF+9E8sVYfkkWp/KMEg4BiuiIax+5lD 9Cs7sgYGct1wDMC+aXbcgM06vCY8nKTwyD67yuFjL+wbHnjcO12Kle9AIzPLQpjU LvzQRqE5/KNhH1BC0jLJwRmFuRH4q/JP8+PRK7/9ABLIl10uj37z9XKpqRj5eBKe tof7/1Fq1DIhDQXoU2TB6SdWwAW/GgLb0tQf1F9KUfgJ+PUQGZED7JzB/jjBZqEy Rh2zDbM8hpCyTBA1bZb/34NyuGG2fypXYkbAda61bWAmn/oV4+P7tV+rGVdQP9GA rlvFPm3sEvT5qHe2pI0du5+Y0yB1PjPMmwYKBlNmhuNFbKgH6dLv8KlKMcbJvu4T dA7yKkZyyxux8W1Reyp0Wzh2wJE5aQfbZm9rzVDJ896AIlO+UzqHXH4XWoFQV1Rz Foj7yKfAJAS/fumVMGd5Z2rpzf8bVjiPltQi+qXFgdyfqpkLxzSKj1tFtWxFW8P4 04zDwrF/odg=o6o+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. ========================================================================== Ubuntu Security Notice USN-4898-1 March 31, 2021 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: curl could be made to expose sensitive information over the network. A remote attacker could possibly use this issue to obtain sensitive information. A remote attacker in control of an HTTPS proxy could use this issue to bypass certificate checks and intercept communications. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-22890) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: curl 7.68.0-1ubuntu4.3 libcurl3-gnutls 7.68.0-1ubuntu4.3 libcurl3-nss 7.68.0-1ubuntu4.3 libcurl4 7.68.0-1ubuntu4.3 Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.5 libcurl3-gnutls 7.68.0-1ubuntu2.5 libcurl3-nss 7.68.0-1ubuntu2.5 libcurl4 7.68.0-1ubuntu2.5 Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.13 libcurl3-gnutls 7.58.0-2ubuntu3.13 libcurl3-nss 7.58.0-2ubuntu3.13 libcurl4 7.58.0-2ubuntu3.13 Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.19 libcurl3 7.47.0-1ubuntu2.19 libcurl3-gnutls 7.47.0-1ubuntu2.19 libcurl3-nss 7.47.0-1ubuntu2.19 In general, a standard system update will make all the necessary changes. Red Hat OpenShift Container Storage is highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provides a multicloud data management service with an S3 compatible API. Bug Fix(es): * Previously, when the namespace store target was deleted, no alert was sent to the namespace bucket because of an issue in calculating the namespace bucket health. With this update, the issue in calculating the namespace bucket health is fixed and alerts are triggered as expected. (BZ#1993873) * Previously, the Multicloud Object Gateway (MCG) components performed slowly and there was a lot of pressure on the MCG components due to non-optimized database queries. With this update the non-optimized database queries are fixed which reduces the compute resources and time taken for queries. Bugs fixed (https://bugzilla.redhat.com/): 1993873 - [4.8.z clone] Alert NooBaaNamespaceBucketErrorState is not triggered when namespacestore's target bucket is deleted 2006958 - CVE-2020-26301 nodejs-ssh2: Command injection by calling vulnerable method with untrusted input 5. Summary: The Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution 2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport) 2006842 - MigCluster CR remains in "unready" state and source registry is inaccessible after temporary shutdown of source cluster 2007429 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 5

Trust: 1.8

sources: NVD: CVE-2021-22876 // VULMON: CVE-2021-22876 // PACKETSTORM: 169015 // PACKETSTORM: 165296 // PACKETSTORM: 165286 // PACKETSTORM: 164886 // PACKETSTORM: 166714 // PACKETSTORM: 163197 // PACKETSTORM: 162037 // PACKETSTORM: 165096 // PACKETSTORM: 165099

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:9.0.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:8.2.0

Trust: 1.0

vendor:siemensmodel:sinec infrastructure network servicesscope:ltversion:1.0.1.1

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:9.0.6

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.3.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:eqversion:9.1.0

Trust: 1.0

vendor:netappmodel:hci compute nodescope:eqversion: -

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:8.2.12

Trust: 1.0

vendor:netappmodel:hci management nodescope:eqversion: -

Trust: 1.0

vendor:netappmodel:hci storage nodescope:eqversion: -

Trust: 1.0

vendor:broadcommodel:fabric operating systemscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:essbasescope:eqversion:21.2

Trust: 1.0

vendor:netappmodel:solidfirescope:eqversion: -

Trust: 1.0

vendor:haxxmodel:libcurlscope:lteversion:7.75.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:gteversion:7.1.1

Trust: 1.0

sources: NVD: CVE-2021-22876

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22876
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2021-22876
value: MEDIUM

Trust: 1.0

VULMON: CVE-2021-22876
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22876
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2021-22876
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

sources: VULMON: CVE-2021-22876 // NVD: CVE-2021-22876 // NVD: CVE-2021-22876

PROBLEMTYPE DATA

problemtype:CWE-359

Trust: 1.0

problemtype:CWE-200

Trust: 1.0

sources: NVD: CVE-2021-22876

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 162037

TYPE

code execution

Trust: 0.4

sources: PACKETSTORM: 165296 // PACKETSTORM: 165286 // PACKETSTORM: 165096 // PACKETSTORM: 165099

PATCH

title:Debian CVElist Bug Report Logs: curl: CVE-2021-22876url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=dc9338ed355a659e53e38756033db037

Trust: 0.1

title:Red Hat: Moderate: rh-dotnet31-curl security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221354 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2021-1509url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1509

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1653url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1653

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-22876 log

Trust: 0.1

title:Debian Security Advisories: DSA-4881-1 curl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a9706a30f62799ecc4d45bdb53c244eb

Trust: 0.1

title:Red Hat: Moderate: Release of OpenShift Serverless 1.20.0url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220434 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat OpenShift distributed tracing 2.1.0 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220318 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Release of containers for OSP 16.2 director operator tech previewurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220842 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Gatekeeper Operator v0.2 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221081 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift GitOps security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220580 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220856 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221396 - Security Advisory

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=4a9822530e6b610875f83ffc10e02aba

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:clair-clienturl:https://github.com/indece-official/clair-client

Trust: 0.1

title:myapp-container-jaxrsurl:https://github.com/akiraabe/myapp-container-jaxrs

Trust: 0.1

sources: VULMON: CVE-2021-22876

EXTERNAL IDS

db:NVDid:CVE-2021-22876

Trust: 2.0

db:HACKERONEid:1101882

Trust: 1.0

db:SIEMENSid:SSA-389290

Trust: 1.0

db:VULMONid:CVE-2021-22876

Trust: 0.1

db:PACKETSTORMid:169015

Trust: 0.1

db:PACKETSTORMid:165296

Trust: 0.1

db:PACKETSTORMid:165286

Trust: 0.1

db:PACKETSTORMid:164886

Trust: 0.1

db:PACKETSTORMid:166714

Trust: 0.1

db:PACKETSTORMid:163197

Trust: 0.1

db:PACKETSTORMid:162037

Trust: 0.1

db:PACKETSTORMid:165096

Trust: 0.1

db:PACKETSTORMid:165099

Trust: 0.1

sources: VULMON: CVE-2021-22876 // PACKETSTORM: 169015 // PACKETSTORM: 165296 // PACKETSTORM: 165286 // PACKETSTORM: 164886 // PACKETSTORM: 166714 // PACKETSTORM: 163197 // PACKETSTORM: 162037 // PACKETSTORM: 165096 // PACKETSTORM: 165099 // NVD: CVE-2021-22876

REFERENCES

url:https://security.gentoo.org/glsa/202105-36

Trust: 1.0

url:https://hackerone.com/reports/1101882

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/itvwpvglfisu5bjc2bxbrysdxtxe2ygc/

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html

Trust: 1.0

url:https://curl.se/docs/cve-2021-22876.html

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kquioyx2kuu6fiuzvb5wwz6jhssysqwj/

Trust: 1.0

url:https://security.netapp.com/advisory/ntap-20210521-0007/

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2zc5bmioklbqjsfchedn2g2c2sh274bp/

Trust: 1.0

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.7

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3778

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-20266

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3796

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-22890

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-20673

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-14145

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-14145

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-20673

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-8284

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8285

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8286

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8169

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25013

Trust: 0.2

url:https://access.redhat.com/security/vulnerabilities/rhsb-2021-009

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-25012

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35522

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35524

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-25013

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-25009

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43527

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25014

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25012

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35521

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-44228

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-17541

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36331

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-31535

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36330

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36332

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-25010

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-17541

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-25014

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3481

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25009

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25010

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35523

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20231

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23841

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20266

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23840

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20232

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8231

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/curl

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24504

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27777

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20239

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36158

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35448

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3635

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20284

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36386

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0427

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3348

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26140

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3487

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26146

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31440

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3732

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0129

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10001

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24502

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3564

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0427

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23133

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26144

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3679

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36312

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29368

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24588

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29646

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3489

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29660

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26139

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28971

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14615

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26143

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3600

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26145

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33200

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29650

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33033

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20194

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26147

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31916

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10001

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24503

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14615

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24502

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5137

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31829

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3573

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20197

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26141

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24587

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24503

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3659

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35524

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35522

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37136

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35523

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5128

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37137

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21409

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36330

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35521

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4511

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22924

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22924

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1354

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22901

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8286

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22901

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8285

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22890

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31618

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31618

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8284

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2472

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8169

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-4898-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.13

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27645

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20095

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28493

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42771

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26301

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26301

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28957

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8037

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8037

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20095

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28493

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3757

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.1

url:https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4848

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3948

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36222

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3620

Trust: 0.1

sources: PACKETSTORM: 169015 // PACKETSTORM: 165296 // PACKETSTORM: 165286 // PACKETSTORM: 164886 // PACKETSTORM: 166714 // PACKETSTORM: 163197 // PACKETSTORM: 162037 // PACKETSTORM: 165096 // PACKETSTORM: 165099 // NVD: CVE-2021-22876

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 165296 // PACKETSTORM: 165286 // PACKETSTORM: 164886 // PACKETSTORM: 166714 // PACKETSTORM: 163197 // PACKETSTORM: 165096 // PACKETSTORM: 165099

SOURCES

db:VULMONid:CVE-2021-22876
db:PACKETSTORMid:169015
db:PACKETSTORMid:165296
db:PACKETSTORMid:165286
db:PACKETSTORMid:164886
db:PACKETSTORMid:166714
db:PACKETSTORMid:163197
db:PACKETSTORMid:162037
db:PACKETSTORMid:165096
db:PACKETSTORMid:165099
db:NVDid:CVE-2021-22876

LAST UPDATE DATE

2025-10-16T20:05:22.710000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-22876date:2023-11-07T00:00:00
db:NVDid:CVE-2021-22876date:2025-06-09T15:15:23.067

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-22876date:2021-04-01T00:00:00
db:PACKETSTORMid:169015date:2021-03-28T19:12:00
db:PACKETSTORMid:165296date:2021-12-15T15:27:05
db:PACKETSTORMid:165286date:2021-12-15T15:20:33
db:PACKETSTORMid:164886date:2021-11-10T17:12:32
db:PACKETSTORMid:166714date:2022-04-13T22:20:44
db:PACKETSTORMid:163197date:2021-06-17T18:09:26
db:PACKETSTORMid:162037date:2021-03-31T14:30:52
db:PACKETSTORMid:165096date:2021-11-29T18:12:32
db:PACKETSTORMid:165099date:2021-11-30T14:44:48
db:NVDid:CVE-2021-22876date:2021-04-01T18:15:12.823