CVE-2021-22945
Vulnerability from cvelistv5
Published
2021-09-23 00:00
Modified
2024-08-03 18:58
Severity ?
Summary
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:58:26.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1269242"
          },
          {
            "name": "FEDORA-2021-fc96a3a749",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
          },
          {
            "name": "FEDORA-2021-1d24845e93",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213183"
          },
          {
            "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Mar/29"
          },
          {
            "name": "DSA-5197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5197"
          },
          {
            "name": "GLSA-202212-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202212-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/curl/curl",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "curl 7.73.0 to and including 7.78.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When sending data to an MQTT server, libcurl \u003c= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-415",
              "description": "Double Free (CWE-415)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-19T00:00:00",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/1269242"
        },
        {
          "name": "FEDORA-2021-fc96a3a749",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
        },
        {
          "name": "FEDORA-2021-1d24845e93",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
        },
        {
          "url": "https://support.apple.com/kb/HT213183"
        },
        {
          "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Mar/29"
        },
        {
          "name": "DSA-5197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5197"
        },
        {
          "name": "GLSA-202212-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202212-01"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2021-22945",
    "datePublished": "2021-09-23T00:00:00",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:58:26.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-22945\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2021-09-23T13:15:08.690\",\"lastModified\":\"2024-03-27T15:04:30.460\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"When sending data to an MQTT server, libcurl \u003c= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.\"},{\"lang\":\"es\",\"value\":\"Cuando se env\u00edan datos a un servidor MQTT, libcurl versiones anteriores a 7.73.0, incluy\u00e9ndola y 7.78.0, podr\u00eda en algunas circunstancias, mantener err\u00f3neamente un puntero a un \u00e1rea de memoria ya liberada y usarlo de nuevo en una llamada posterior para enviar datos y tambi\u00e9n liberarlo *de nuevo*\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]},{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.73.0\",\"versionEndIncluding\":\"7.78.0\",\"matchCriteriaId\":\"9F299899-24BA-432D-818D-32546C576E9B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FE996B1-6951-4F85-AA58-B99A379D2163\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.7.0\",\"versionEndIncluding\":\"5.7.35\",\"matchCriteriaId\":\"E667933A-37EA-4BC2-9180-C3B4B7038866\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.26\",\"matchCriteriaId\":\"709E83B4-8C66-4255-870B-2F72B37BA8C6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6770B6C3-732E-4E22-BF1C-2D2FD610061C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9C8C20-42EB-4AB5-BD97-212DEB070C43\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFF7106-ED78-49BA-9EC5-B889E3685D53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56409CEC-5A1E-4450-AA42-641E459CC2AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B06F4839-D16A-4A61-9BB5-55B13F41E47F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"108A2215-50FB-4074-94CF-C130FA14566D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32F0B6C0-F930-480D-962B-3F4EFDCC13C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"803BC414-B250-4E3A-A478-A3881340D6B8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FEB3337-BFDE-462A-908B-176F92053CEC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"736AEAE9-782B-4F71-9893-DED53367E102\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0B4AD8A-F172-4558-AEC6-FF424BA2D912\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8497A4C9-8474-4A62-8331-3FE862ED4098\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB9B8171-F6CA-427D-81E0-6536D3BBFA8D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"090AA6F4-4404-4E26-82AB-C3A22636F276\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.3\",\"matchCriteriaId\":\"9422A022-F279-4596-BC97-3223611D73DC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.1.1\",\"matchCriteriaId\":\"65B7AF44-C3DB-4C29-8690-827CD4518653\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndExcluding\":\"8.2.12\",\"matchCriteriaId\":\"5722E753-75DE-4944-A11B-556CB299B57D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.6\",\"matchCriteriaId\":\"DC0F9351-81A4-4FEA-B6B5-6E960A933D32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2022/Mar/29\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/1269242\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202212-01\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211029-0003/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213183\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5197\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.