PT-2021-3227 · Curl+5 · Curl+4

Published: 2021-05-26 · Updated: 2026-05-18 · CVE-2021-22901

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

curl versions 7.75.0 through 7.76.1
MySQL Server version 5.7.34 and earlier
MySQL Server version 8.0.25 and earlier

Description

This is a use-after-free vulnerability that can allow a remote attacker to potentially execute arbitrary code. It occurs when a TLS 1.3 session ticket arrives over a connection after the memory involved has already been freed. A malicious server can exploit this in rare circumstances. The vulnerability is tied to the use of OpenSSL and to the storing of pointers to transfer in-memory objects for later retrieval. If the connection is used by multiple transfers, the first transfer object might be freed before the new session is established, so the function can access a memory buffer that might already have been freed.

Recommendations

For curl versions 7.75.0 through 7.76.1, update to a version outside of this range to resolve the issue.
For MySQL Server version 5.7.34 and earlier, update to a version later than 5.7.34 to resolve the issue.
For MySQL Server version 8.0.25 and earlier, update to a version later than 8.0.25 to resolve the issue.
As a temporary workaround, consider restricting access to the vulnerable libcurl component until a patch is available. Avoid using the curl command with TLS 1.3 session tickets until the issue is resolved.

Exploit · Fix · DoS · RCE · Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1865
ALT-PU-2021-1911
ALT-PU-2021-2146
ALT-PU-2021-2461
ALT-PU-2021-2477
ALT-PU-2021-2571
ALT-PU-2021-3668
AZL-6360
BDU:2021-02928
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2021-22901
OPENSUSE-SU-2024:10582-1
RHSA-2021:2472

Affected Products

Alt Linux
MySQL Server
OpenSSL
Curl
Libcurl