VDB

CVE-2021-22890

CVE-2021-22890 PUBLISHED

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.

EPSS 0.07% · 21.4th percentile

Risk Scores

EPSS Score
0.07%
21.4th percentile

Affected Products

VendorProductVersions
Ubuntu:20.04:LTScurl0, 7.65.3-1ubuntu4, 7.66.0-1ubuntu1

Timeline

  • CVE Published
  • Apr 14, 2021 EPSS Score
  • Apr 30, 2021 PoC Published
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Mar 9, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›