PT-2021-4598 · Libcurl+8

Published 2021-05-27 · Updated 2026-05-18 · CVE-2021-22924

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: libcurl (affected versions not specified)

Description: The issue arises from errors in the logic of libcurl's config matching function, which decides whether an existing connection can be reused. The function does not take the 'issuercert' setting into account, even though the issuer cert is used to verify the server certificate, and it compares file paths case insensitively. File paths are case sensitive on many systems, although this varies with the file system in use. As a result, libcurl could reuse an incorrect connection, potentially allowing a remote attacker to access confidential data.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1865
ALT-PU-2021-1911
ALT-PU-2021-2146
ALT-PU-2021-3241
ALT-PU-2022-2171
ALT-PU-2023-1912
AZL-6367
BDU:2021-05280
CESA-2021_3582
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2021-22924
DLA-2734-1
DLA-3085-1
DSA-5197-1
MGASA-2021-0384
OESA-2021-1300
OPENSUSE-SU-2021:1088-1
OPENSUSE-SU-2021:2439-1
OPENSUSE-SU-2021_1088-1
OPENSUSE-SU-2021_2439-1
OPENSUSE-SU-2024:10582-1
RHSA-2021:3582
RHSA-2021_3582
RHSA-2022:1354
RLSA-2021:3582
SUSE-SU-2021:14768-1
SUSE-SU-2021:2425-1
SUSE-SU-2021:2439-1
SUSE-SU-2021:2440-1
SUSE-SU-2021:2462-1
SUSE-SU-2021_14768-1
USN-5021-1

Affected Products

Alt Linux
Astra Linux
CentOS
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu
Libcurl