URL: https://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22946

Ubuntu CVE Tracker


CVE-2021-22946

Priority
Medium

Description
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful
upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd`
on the command line, or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or
`CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the
server returned a properly crafted but perfectly legitimate response.
This flaw would then make curl silently continue its operations
**without TLS**, contrary to the instructions and expectations, exposing
possibly sensitive data in clear text over the network.
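The failure class in the description is easier to see in code. The following is an added example, not curl's code and not taken from this page: a constructed IMAP-style session in Python where the server's greeting legitimately lets the client skip the STARTTLS step, and the client then keeps talking in clear text even though TLS was required. Using an IMAP `PREAUTH` greeting as that legitimate response is my assumption for the model; the page does not say which responses trigger the bypass. The same function also covers the two cases that the three use-SSL levels must distinguish, a server that refuses STARTTLS under the required level versus the opportunistic "try" level, which the page's one sentence does not spell out. The fix is the single check before the first data-bearing command: what was required must have happened, whichever branch got the client there.

```python
"""Fail-closed STARTTLS handling for a constructed IMAP-style session.

Not curl's code.  fail_closed=False reproduces the class of bug in the
CVE description: control flow skips the STARTTLS step because of a
legitimate server response and the client continues in clear text
although TLS was required.  fail_closed=True adds the missing check.
"""
from dataclasses import dataclass, field

# Mirrors the three CURLOPT_USE_SSL levels mentioned on the page.
USESSL_NONE = "none"        # never upgrade
USESSL_TRY = "try"          # upgrade if offered, otherwise continue in clear
USESSL_CONTROL = "control"  # upgrade required (what --ssl-reqd asks for)


class TLSRequiredError(Exception):
    """Raised when TLS was required but the session is not protected."""


@dataclass
class ScriptedImapServer:
    """Constructed peer: one greeting line plus a canned reply to STARTTLS."""
    greeting: str
    starttls_reply: str = "a001 OK Begin TLS negotiation now"
    lines_received_in_clear: list = field(default_factory=list)
    tls: bool = False

    def send(self, line):
        """Receive one client line; record it if the link is still clear text."""
        if not self.tls:
            self.lines_received_in_clear.append(line)
        if line == "a001 STARTTLS":
            if self.starttls_reply.startswith("a001 OK"):
                self.tls = True  # stands in for the real TLS handshake
            return self.starttls_reply
        return "a002 OK completed"


def run_session(server, use_ssl, fail_closed=True):
    """Connect, honour `use_ssl`, then issue one command that carries data.

    Returns a dict with whether TLS came up, every line the server saw in
    clear text, and the name of the error that stopped the session, if any.
    """
    result = {"tls_active": False, "sent_in_clear": [], "error": None}
    try:
        greeting = server.greeting
        if greeting.startswith("* PREAUTH"):
            # RFC 3501 7.1.4: the connection is already authenticated.
            # ASSUMPTION of this model: a legitimate greeting that makes the
            # client skip the STARTTLS branch entirely.
            pass
        elif greeting.startswith("* OK"):
            if use_ssl != USESSL_NONE:
                reply = server.send("a001 STARTTLS")
                if reply.startswith("a001 OK"):
                    result["tls_active"] = True
                elif use_ssl == USESSL_CONTROL:
                    raise TLSRequiredError("server refused STARTTLS")
                # USESSL_TRY: refusal is acceptable, carry on in clear text
        else:
            raise ConnectionError("unexpected greeting: " + greeting)

        # The check that closes the bypass: what was required must have been
        # achieved, regardless of which branch brought us here.
        if fail_closed and use_ssl == USESSL_CONTROL and not result["tls_active"]:
            raise TLSRequiredError("TLS required but connection is still clear text")

        server.send("a002 SELECT INBOX")  # first command that exposes data
    except (TLSRequiredError, ConnectionError) as exc:
        result["error"] = type(exc).__name__
    result["sent_in_clear"] = list(server.lines_received_in_clear)
    return result


if __name__ == "__main__":
    for label, srv, fc in [
        ("vulnerable, PREAUTH", ScriptedImapServer("* PREAUTH ready"), False),
        ("fixed, PREAUTH", ScriptedImapServer("* PREAUTH ready"), True),
        ("fixed, STARTTLS ok", ScriptedImapServer("* OK ready"), True),
    ]:
        print(label, run_session(srv, USESSL_CONTROL, fail_closed=fc))
```

The point of the model is that the guard lives next to the first command that can leak data, not inside the STARTTLS branch; a check placed only where the upgrade is attempted is exactly what a branch that never attempts it walks past.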

References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946
https://curl.se/docs/CVE-2021-22946.html
https://ubuntu.com/security/notices/USN-5079-1
https://ubuntu.com/security/notices/USN-5079-2

Assigned-to
mdeslaur

Notes

mdeslaur: introduced by:
https://github.com/curl/curl/commit/ec3bb8f727405 and
https://github.com/curl/curl/commit/c5ba0c2f544653

Package
Source: curl (LP Ubuntu Debian)

Upstream: needs-triage
Ubuntu 14.04 ESM: released (7.35.0-1ubuntu2.20+esm8)
Ubuntu 16.04 ESM: released (7.47.0-1ubuntu2.19+esm1)
Ubuntu 18.04 LTS: released (7.58.0-2ubuntu3.15)
Ubuntu 20.04 LTS: released (7.68.0-1ubuntu2.7)
Ubuntu 21.10: released (7.74.0-1.3ubuntu2)
Ubuntu 22.04 LTS: released (7.74.0-1.3ubuntu2)

Patches:



More Information
 * Mitre
 * NVD
 * Launchpad
 * Debian

Updated: 2022-04-25 00:52:47 UTC (commit
ecc1009cb19540b950de59270950018900f37f15)

© Canonical Ltd. 2007-2022