CVE-2021-22946

NameCVE-2021-22946
DescriptionA user can tell curl >= 7.20.0 and <= 7.78.0 to require a succes ...
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-2773-1, ELA-494-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
curl (PTS)jessie, jessie (lts)7.38.0-4+deb8u22fixed
stretch7.52.1-5+deb9u10vulnerable
stretch (security)7.52.1-5+deb9u16fixed
buster, buster (security)7.64.0-4+deb10u2vulnerable
bookworm, sid, bullseye7.74.0-1.3vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
curlsourcejessie7.38.0-4+deb8u22ELA-494-1
curlsourcestretch7.52.1-5+deb9u16DLA-2773-1
curlsource(unstable)(unfixed)

Notes

[bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <no-dsa> (Minor issue)
https://curl.se/docs/CVE-2021-22946.html
Fixed by: https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca (curl-7_79_0)

Search for package or bug name: Reporting problems