{"id":"CVE-2021-22890","details":"curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly \"short-cut\" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.","aliases":["CURL-CVE-2021-22890"],"modified":"2026-05-18T05:52:44.147051108Z","published":"2021-04-01T18:15:12.917Z","related":["SUSE-SU-2021:1006-1","openSUSE-SU-2021:0510-1","openSUSE-SU-2024:10582-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"debian:debian_linux","extracted_events":[{"last_affected":"9.0"}],"source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]},{"vendor_product":"fedoraproject:fedora","extracted_events":[{"last_affected":"32"},{"last_affected":"33"},{"last_affected":"34"}],"source":"CPE_FIELD","cpes":["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"]},{"vendor_product":"oracle:communications_billing_and_revenue_management","extracted_events":[{"last_affected":"12.0.0.3.0"}],"cpes":["cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD"},{"vendor_product":"oracle:essbase","extracted_events":[{"last_affected":"21.2"}],"cpes":["cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*"],"source":"CPE_FIELD"},{"vendor_product":"siemens:sinec_infrastructure_network_services","extracted_events":[{"fixed":"1.0.1.1"}],"cpes":["cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD"},{"vendor_product":"splunk:universal_forwarder","extracted_events":[{"introduced":"8.2.0"},{"fixed":"8.2.12"},{"introduced":"9.0.0"},{"fixed":"9.0.6"},{"last_affected":"9.1.0"}],"cpes":["cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202105-36"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210521-0007/"},{"type":"ADVISORY","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"type":"FIX","url":"https://curl.se/docs/CVE-2021-22890.html"},{"type":"FIX","url":"https://hackerone.com/reports/1129529"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/curl/curl","events":[{"introduced":"4258dc02d86e7e4de9f795a1af3a0bc6732d4ab5"},{"last_affected":"2f33be817cbce6ad7a36f27dd7ada9219f13584c"}],"database_specific":{"cpe":"cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"7.63.0"},{"last_affected":"7.75.0"}],"source":"CPE_FIELD"}}],"versions":["curl-7_75_0","curl-7_74_0","curl-7_73_0","curl-7_72_0","curl-7_71_1","curl-7_71_0","curl-7_70_0","curl-7_69_1","curl-7_69_0","curl-7_68_0","curl-7_67_0","curl-7_66_0","curl-7_65_3","curl-7_65_2","curl-7_65_1","curl-7_65_0","curl-7_64_1","curl-7_64_0","curl-7_63_0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22890.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}