CVE-2021-22897
5.3 MEDIUM
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library.
Published: 2021-06-11 · Last updated: 2026-05-28
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- CWE
- CWE-668, CWE-840
Affected products
| Vendor | Product |
|---|---|
| haxx | curl |
| netapp | cloud_backup |
| oracle | communications_cloud_native_core_binding_support_function, communications_cloud_native_core_network_function_cloud_native_environment |
| siemens | (product not recoverable from this page; see Siemens advisory SSA-389290 under References) |
| splunk | (product not recoverable from this page) |
Description
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
Source: NVD
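The static-storage mistake the description refers to, reduced to a runnable model in C. This is an added example, not curl's code: the cipher-name table, the EX_CALG_* constants and the two transfers' cipher lists are constructed here, and the parser only mirrors the shape of the Schannel backend's colon-separated list handling (names or numeric ALG_IDs). The vulnerable variant keeps the selected ALG_IDs in a single static array, as libcurl 7.61.0 through 7.76.1 did; the fixed variant gives each connection its own copy, which is what the upstream fix (commit bbb71507 under References, shipped in curl 7.77.0) does by moving the array into the per-connection backend data.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the Windows CryptoAPI ALG_ID type. The values follow
 * wincrypt.h, but this example only needs them to be distinct tags. */
typedef unsigned int ALG_ID;
#define EX_CALG_AES_256 0x6610u
#define EX_CALG_AES_128 0x660Eu
#define EX_CALG_3DES    0x6603u
#define EX_CALG_RC4     0x6801u

#define NUMOF_CIPHERS 4   /* cap on entries, as in libcurl's Schannel backend */

/* Constructed name table; the real backend knows many more algorithms. */
static const struct { const char *name; ALG_ID id; } cipher_table[] = {
    { "CALG_AES_256", EX_CALG_AES_256 },
    { "CALG_AES_128", EX_CALG_AES_128 },
    { "CALG_3DES",    EX_CALG_3DES    },
    { "CALG_RC4",     EX_CALG_RC4     },
};

static ALG_ID alg_id_by_name(const char *name, size_t len)
{
    size_t i;
    for (i = 0; i < sizeof cipher_table / sizeof cipher_table[0]; i++)
        if (strlen(cipher_table[i].name) == len &&
            strncmp(cipher_table[i].name, name, len) == 0)
            return cipher_table[i].id;
    return 0;
}

/* Parse a colon-separated CURLOPT_SSL_CIPHER_LIST value such as
 * "CALG_AES_256:0x6801" into algs[]. Returns the entry count, or -1 on an
 * unknown name so the caller fails closed instead of silently dropping it. */
int parse_cipher_list(const char *ciphers, ALG_ID *algs, int max)
{
    int count = 0;
    const char *cur = ciphers;
    while (cur && *cur && count < max) {
        const char *end = strchr(cur, ':');
        size_t len = end ? (size_t)(end - cur) : strlen(cur);
        char *stop = NULL;
        long alg = strtol(cur, &stop, 0);
        if (stop == cur || alg <= 0)            /* not numeric: look the name up */
            alg = (long)alg_id_by_name(cur, len);
        if (alg <= 0)
            return -1;
        algs[count++] = (ALG_ID)alg;
        cur = end ? end + 1 : NULL;
    }
    return count;
}

/* VULNERABLE (pre-7.77.0 pattern): the selected ciphers live in one static
 * array inside the library, so every credential built here points at the
 * same storage and sees whichever transfer wrote it last. */
static int set_ciphers_static(const char *ciphers, ALG_ID **palgs, int *count)
{
    static ALG_ID algIds[NUMOF_CIPHERS];
    int n = parse_cipher_list(ciphers, algIds, NUMOF_CIPHERS);
    if (n < 0)
        return -1;
    *palgs = algIds;          /* plays the role of SCHANNEL_CRED.palgSupportedAlgs */
    *count = n;
    return 0;
}

/* FIXED pattern: the array is a member of per-connection backend data. */
struct conn_backend {
    ALG_ID algIds[NUMOF_CIPHERS];
    int algCount;
};

static int set_ciphers_per_conn(struct conn_backend *be, const char *ciphers)
{
    int n = parse_cipher_list(ciphers, be->algIds, NUMOF_CIPHERS);
    if (n < 0)
        return -1;
    be->algCount = n;
    return 0;
}

/* Two concurrent transfers in one process: A wants AES only, B allows RC4.
 * Each function returns the first cipher A's credential sees after B has
 * configured its own list (constructed scenario). */
#define A_LIST "CALG_AES_256:CALG_AES_128"
#define B_LIST "CALG_RC4"

ALG_ID first_alg_a_sees_static(void)
{
    ALG_ID *a_algs = NULL, *b_algs = NULL;
    int a_n = 0, b_n = 0;
    if (set_ciphers_static(A_LIST, &a_algs, &a_n) < 0) return 0;
    if (set_ciphers_static(B_LIST, &b_algs, &b_n) < 0) return 0;
    return a_algs[0];         /* RC4: B's choice has leaked into A's credential */
}

ALG_ID first_alg_a_sees_per_conn(void)
{
    struct conn_backend a = { {0}, 0 }, b = { {0}, 0 };
    if (set_ciphers_per_conn(&a, A_LIST) < 0) return 0;
    if (set_ciphers_per_conn(&b, B_LIST) < 0) return 0;
    return a.algIds[0];       /* AES-256: A's selection is intact */
}

/* Convenience: nth entry of a parsed list, 0 on parse error or out of range. */
ALG_ID parse_nth(const char *ciphers, int n)
{
    ALG_ID algs[NUMOF_CIPHERS];
    int count = parse_cipher_list(ciphers, algs, NUMOF_CIPHERS);
    return (n >= 0 && count > n) ? algs[n] : 0;
}

int main(void)
{
    printf("static storage : A sees 0x%04x (wanted 0x%04x)\n",
           first_alg_a_sees_static(), EX_CALG_AES_256);
    printf("per-connection : A sees 0x%04x (wanted 0x%04x)\n",
           first_alg_a_sees_per_conn(), EX_CALG_AES_256);
    return 0;
}
```

Only Schannel builds carry the bug; the first line of `curl --version` names the TLS backend, so a build reporting OpenSSL, GnuTLS or another library is not affected by this CVE regardless of version. Within the affected range, the exposure needs an application that sets different CURLOPT_SSL_CIPHER_LIST values on handles used concurrently: a weaker list on one handle silently becomes the list negotiated by the others, which is the C:L confidentiality impact in the CVSS vector.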
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-22897
- [Patch]https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- [Patch]https://curl.se/docs/CVE-2021-22897.html
- [Patch]https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511
- [Exploit reference]https://hackerone.com/reports/1172857
- [Other]https://security.netapp.com/advisory/ntap-20210727-0007/
- [Patch]https://www.oracle.com//security-alerts/cpujul2021.html
- [Patch]https://www.oracle.com/security-alerts/cpuapr2022.html
- [Patch]https://www.oracle.com/security-alerts/cpujan2022.html
Related CVEs
Same vendor
- CVE-2026-46843 — Vulnerability in Oracle REST Data Services (component: Core) (5.3 MEDIUM)
- CVE-2026-46842 — Vulnerability in Oracle REST Data Services (component: Core) (5.3 MEDIUM)
- CVE-2026-46841 — Vulnerability in Oracle REST Data Services (component: General) (5.3 MEDIUM)
- CVE-2026-46840 — Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service) (10.0 CRITICAL)
- CVE-2026-46839 — Vulnerability in Oracle REST Data Services (component: Core) (9.9 CRITICAL)
Same CWE
- CVE-2026-48096 — OpenFGA is an authorization/permission engine built for developers (5.0 MEDIUM)
- CVE-2026-41973 — Permission control vulnerability in calls (5.9 MEDIUM)
- CVE-2026-42535 — A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV proper... (9.1 CRITICAL)
- CVE-2026-11465 — A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7 (3.1 LOW)
- CVE-2025-15653 — Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unau... (6.8 MEDIUM)