{"id":"CURL-CVE-2021-22897","summary":"Schannel cipher selection surprise","details":"libcurl lets applications specify which specific TLS ciphers to use in\ntransfers, using the option called `CURLOPT_SSL_CIPHER_LIST`. The cipher\nselection is used for the TLS negotiation when a transfer is done involving\nany of the TLS based transfer protocols libcurl supports, such as HTTPS, FTPS,\nIMAPS, POP3S, SMTPS etc.\n\nDue to a mistake in the code, the selected cipher set was stored in a single\n\"static\" variable in the library, which has the surprising side-effect that if\nan application sets up multiple concurrent transfers, the last one that sets\nthe ciphers accidentally controls the set used by all transfers. In a\nworst-case scenario, this weakens transport security significantly.","aliases":["CVE-2021-22897"],"modified":"2026-05-21T06:00:20.549785268Z","published":"2021-05-26T08:00:00Z","database_specific":{"award":{"currency":"USD","amount":"800"},"issue":"https://hackerone.com/reports/1172857","URL":"https://curl.se/docs/CVE-2021-22897.json","www":"https://curl.se/docs/CVE-2021-22897.html","package":"curl","last_affected":"7.76.1","severity":"Low","CWE":{"id":"CWE-488","desc":"Exposure of Data Element to Wrong Session"},"affects":"both"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.61.0"},{"fixed":"7.77.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"9aefbff30d280c60fc9d8cc3e0b2f19fc70a2f28"},{"fixed":"bbb71507b7bab52002f9b1e0880bed6a32834511"}]}],"versions":["7.76.1","7.76.0","7.75.0","7.74.0","7.73.0","7.72.0","7.71.1","7.71.0","7.70.0","7.69.1","7.69.0","7.68.0","7.67.0","7.66.0","7.65.3","7.65.2","7.65.1","7.65.0","7.64.1","7.64.0","7.63.0","7.62.0","7.61.1","7.61.0","curl-7_76_1","curl-7_76_0","curl-7_75_0","curl-7_74_0","curl-7_73_0","tiny-curl-7_72_0","curl-7_72_0","curl-7_71_1","curl-7_71_0","curl-7_70_0","curl-7_69_1","curl-7_69_0","curl-7_68_0","curl-7_67_0","curl-7_66_0","curl-7_65_3","curl-7_65_2","curl-7_65_1","curl-7_65_0","curl-7_64_1","curl-7_64_0","curl-7_63_0","curl-7_62_0","curl-7_61_1","curl-7_61_0"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2021-22897.json"}}],"schema_version":"1.7.5","credits":[{"name":"Harry Sintonen","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}