{"containers":{"cna":{"affected":[{"product":"https://github.com/curl/curl","vendor":"n/a","versions":[{"status":"affected","version":"7.63.0 to and including 7.75.0"}]}],"descriptions":[{"lang":"en","value":"curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly \"short-cut\" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-300","description":"Man-in-the-Middle (CWE-300)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-03-08T14:08:39.000Z","orgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","shortName":"hackerone"},"references":[{"tags":["x_refsource_MISC"],"url":"https://hackerone.com/reports/1129529"},{"tags":["x_refsource_MISC"],"url":"https://curl.se/docs/CVE-2021-22890.html"},{"name":"FEDORA-2021-cab5c9befb","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"},{"name":"FEDORA-2021-065371f385","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"},{"name":"FEDORA-2021-26a293c72b","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"},{"name":"GLSA-202105-36","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/202105-36"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20210521-0007/"},{"tags":["x_refsource_CONFIRM"],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"support@hackerone.com","ID":"CVE-2021-22890","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"https://github.com/curl/curl","version":{"version_data":[{"version_value":"7.63.0 to and including 7.75.0"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly \"short-cut\" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Man-in-the-Middle (CWE-300)"}]}]},"references":{"reference_data":[{"name":"https://hackerone.com/reports/1129529","refsource":"MISC","url":"https://hackerone.com/reports/1129529"},{"name":"https://curl.se/docs/CVE-2021-22890.html","refsource":"MISC","url":"https://curl.se/docs/CVE-2021-22890.html"},{"name":"FEDORA-2021-cab5c9befb","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"},{"name":"FEDORA-2021-065371f385","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"},{"name":"FEDORA-2021-26a293c72b","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"},{"name":"GLSA-202105-36","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/202105-36"},{"name":"https://www.oracle.com//security-alerts/cpujul2021.html","refsource":"MISC","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"name":"https://security.netapp.com/advisory/ntap-20210521-0007/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20210521-0007/"},{"name":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","refsource":"CONFIRM","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T18:58:25.687Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://hackerone.com/reports/1129529"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://curl.se/docs/CVE-2021-22890.html"},{"name":"FEDORA-2021-cab5c9befb","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"},{"name":"FEDORA-2021-065371f385","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"},{"name":"FEDORA-2021-26a293c72b","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"},{"name":"GLSA-202105-36","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/202105-36"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20210521-0007/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}]},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.3,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","integrityImpact":"LOW","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-06-09T15:11:48.797076Z","id":"CVE-2021-22890","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-09T15:11:58.900Z"}}]},"cveMetadata":{"assignerOrgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","assignerShortName":"hackerone","cveId":"CVE-2021-22890","datePublished":"2021-04-01T17:46:17.000Z","dateReserved":"2021-01-06T00:00:00.000Z","dateUpdated":"2025-06-09T15:11:58.900Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}