CVE-2021-22926

Name of the Vulnerable Software and Affected Versions libcurl versions prior to 7.77.0 MySQL Server versions 5.7.35 and earlier, 8.0.26 and earlier

Description The issue arises when libcurl-using applications request a specific client certificate for a transfer using the CURLOPT SSLCERT option. On macOS, where libcurl is built with the native TLS library Secure Transport, an application can specify the client certificate by name or file name. However, if the application's current working directory is writable by other users, a malicious user can create a file with the same name as the intended certificate, causing the application to use the wrong client certificate. This can lead to libcurl sending the incorrect client certificate during the TLS connection handshake.

Recommendations For libcurl versions prior to 7.77.0, consider updating to version 7.77.0 or later to resolve the issue. For MySQL Server versions 5.7.35 and earlier, update to version 5.7.36 or later. For MySQL Server versions 8.0.26 and earlier, update to version 8.0.27 or later. As a temporary workaround, consider restricting the application's current working directory to a non-writable location to minimize the risk of exploitation.