CVE-2021-22945 : When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

Published 2021-09-23 13:15:09

Updated 2024-03-27 15:04:30

Source HackerOne

View at NVD, CVE.org

Products affected by CVE-2021-22945

Debian » Debian Linux » Version: 11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Matching versions
Apple » Macos
Versions from including (>=) 12.0.0 and before (<) 12.3
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql Server
Versions from including (>=) 5.7.0 and up to, including, (<=) 5.7.35
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql Server
Versions from including (>=) 8.0.0 and up to, including, (<=) 8.0.26
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Matching versions
Siemens » Sinec Ins
Versions before (<) 1.0.1.1
cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 33
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 35
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Matching versions
Netapp » Clustered Data Ontap » Version: N/A
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Matching versions
Netapp » Cloud Backup » Version: N/A
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Matching versions
Netapp » H300s Firmware » Version: N/A
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H300s » Version: N/A
Netapp » H500s Firmware » Version: N/A
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H500s » Version: N/A
Netapp » H700s Firmware » Version: N/A
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H700s » Version: N/A
Netapp » H300e Firmware » Version: N/A
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H300e » Version: N/A
Netapp » H500e Firmware » Version: N/A
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H500e » Version: N/A
Netapp » H700e Firmware » Version: N/A
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H700e » Version: N/A
Netapp » H410s Firmware » Version: N/A
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H410s » Version: N/A
Netapp » Solidfire Baseboard Management Controller Firmware » Version: N/A
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Solidfire Baseboard Management Controller » Version: N/A
Splunk » Universal Forwarder
Versions from including (>=) 9.0.0 and before (<) 9.0.6
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
Matching versions
Splunk » Universal Forwarder
Versions from including (>=) 8.2.0 and before (<) 8.2.12
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
Matching versions
Splunk » Universal Forwarder » Version: 9.1.0
cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
Matching versions
Haxx » Libcurl
Versions from including (>=) 7.73.0 and up to, including, (<=) 7.78.0
cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-22945

EPSS FAQ

0.57%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-22945

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:P	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial
9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H	3.9	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: High

CWE ids for CVE-2021-22945

CWE-415 Double Free

The product calls free() twice on the same memory address.
Assigned by:
- nvd@nist.gov (Primary)
- support@hackerone.com (Secondary)

References for CVE-2021-22945

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/

[SECURITY] Fedora 33 Update: curl-7.71.1-11.fc33 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/202212-01

curl: Multiple Vulnerabilities (GLSA 202212-01) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://hackerone.com/reports/1269242

#1269242 CVE-2021-22945: UAF and double-free in MQTT sending
Exploit;Patch;Third Party Advisory
https://support.apple.com/kb/HT213183

About the security content of macOS Monterey 12.3 - Apple Support
Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20211029-0003/

September 2021 cURL/libcURL Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2022/Mar/29

Full Disclosure: APPLE-SA-2022-03-14-4 macOS Monterey 12.3
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2022/dsa-5197

Debian -- Security Information -- DSA-5197-1 curl
Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpuoct2021.html

Oracle Critical Patch Update Advisory - October 2021
Patch;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/

[SECURITY] Fedora 33 Update: curl-7.71.1-11.fc33 - package-announce - Fedora Mailing-Lists
Third Party Advisory

CVEs referencing this url
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Patch;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/

[SECURITY] Fedora 35 Update: curl-7.79.1-1.fc35 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/

[SECURITY] Fedora 35 Update: curl-7.79.1-1.fc35 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-22945

Products affected by CVE-2021-22945

Exploit prediction scoring system (EPSS) score for CVE-2021-22945

CVSS scores for CVE-2021-22945

CWE ids for CVE-2021-22945

References for CVE-2021-22945