CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-22922

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.2%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.3

References

Products affected by CVE-2021-22922

Haxx » Curl » Version: 7.27.0

cpe:2.3:a:haxx:curl:7.27.0
Haxx » Curl » Version: 7.28.0

cpe:2.3:a:haxx:curl:7.28.0
Haxx » Curl » Version: 7.28.1

cpe:2.3:a:haxx:curl:7.28.1
Haxx » Curl » Version: 7.29.0

cpe:2.3:a:haxx:curl:7.29.0
Haxx » Curl » Version: 7.30.0

cpe:2.3:a:haxx:curl:7.30.0
Haxx » Curl » Version: 7.31.0

cpe:2.3:a:haxx:curl:7.31.0
Haxx » Curl » Version: 7.32.0

cpe:2.3:a:haxx:curl:7.32.0
Haxx » Curl » Version: 7.33.0

cpe:2.3:a:haxx:curl:7.33.0
Haxx » Curl » Version: 7.34.0

cpe:2.3:a:haxx:curl:7.34.0
Haxx » Curl » Version: 7.35.0

cpe:2.3:a:haxx:curl:7.35.0
Haxx » Curl » Version: 7.36.0

cpe:2.3:a:haxx:curl:7.36.0
Haxx » Curl » Version: 7.37.0

cpe:2.3:a:haxx:curl:7.37.0
Haxx » Curl » Version: 7.37.1

cpe:2.3:a:haxx:curl:7.37.1
Haxx » Curl » Version: 7.38.0

cpe:2.3:a:haxx:curl:7.38.0
Haxx » Curl » Version: 7.39.0

cpe:2.3:a:haxx:curl:7.39.0
Haxx » Curl » Version: 7.40.0

cpe:2.3:a:haxx:curl:7.40.0
Haxx » Curl » Version: 7.41.0

cpe:2.3:a:haxx:curl:7.41.0
Haxx » Curl » Version: 7.42.0

cpe:2.3:a:haxx:curl:7.42.0
Haxx » Curl » Version: 7.42.1

cpe:2.3:a:haxx:curl:7.42.1
Haxx » Curl » Version: 7.43.0

cpe:2.3:a:haxx:curl:7.43.0
Haxx » Curl » Version: 7.44.0

cpe:2.3:a:haxx:curl:7.44.0
Haxx » Curl » Version: 7.45.0

cpe:2.3:a:haxx:curl:7.45.0
Haxx » Curl » Version: 7.46.0

cpe:2.3:a:haxx:curl:7.46.0
Haxx » Curl » Version: 7.47.0

cpe:2.3:a:haxx:curl:7.47.0
Haxx » Curl » Version: 7.47.1

cpe:2.3:a:haxx:curl:7.47.1
Haxx » Curl » Version: 7.48.0

cpe:2.3:a:haxx:curl:7.48.0
Haxx » Curl » Version: 7.49.0

cpe:2.3:a:haxx:curl:7.49.0
Haxx » Curl » Version: 7.49.1

cpe:2.3:a:haxx:curl:7.49.1
Haxx » Curl » Version: 7.50.0

cpe:2.3:a:haxx:curl:7.50.0
Haxx » Curl » Version: 7.50.1

cpe:2.3:a:haxx:curl:7.50.1
Haxx » Curl » Version: 7.50.2

cpe:2.3:a:haxx:curl:7.50.2
Haxx » Curl » Version: 7.50.3

cpe:2.3:a:haxx:curl:7.50.3
Haxx » Curl » Version: 7.51.0

cpe:2.3:a:haxx:curl:7.51.0
Haxx » Curl » Version: 7.52.0

cpe:2.3:a:haxx:curl:7.52.0
Haxx » Curl » Version: 7.52.1

cpe:2.3:a:haxx:curl:7.52.1
Haxx » Curl » Version: 7.53.0

cpe:2.3:a:haxx:curl:7.53.0
Haxx » Curl » Version: 7.53.1

cpe:2.3:a:haxx:curl:7.53.1
Haxx » Curl » Version: 7.54.0

cpe:2.3:a:haxx:curl:7.54.0
Haxx » Curl » Version: 7.54.1

cpe:2.3:a:haxx:curl:7.54.1
Haxx » Curl » Version: 7.55.0

cpe:2.3:a:haxx:curl:7.55.0
Haxx » Curl » Version: 7.55.1

cpe:2.3:a:haxx:curl:7.55.1
Haxx » Curl » Version: 7.56.0

cpe:2.3:a:haxx:curl:7.56.0
Haxx » Curl » Version: 7.56.1

cpe:2.3:a:haxx:curl:7.56.1
Haxx » Curl » Version: 7.57.0

cpe:2.3:a:haxx:curl:7.57.0
Haxx » Curl » Version: 7.58.0

cpe:2.3:a:haxx:curl:7.58.0
Haxx » Curl » Version: 7.59.0

cpe:2.3:a:haxx:curl:7.59.0
Haxx » Curl » Version: 7.60.0

cpe:2.3:a:haxx:curl:7.60.0
Haxx » Curl » Version: 7.61.0

cpe:2.3:a:haxx:curl:7.61.0
Haxx » Curl » Version: 7.61.1

cpe:2.3:a:haxx:curl:7.61.1
Haxx » Curl » Version: 7.62.0

cpe:2.3:a:haxx:curl:7.62.0
Haxx » Curl » Version: 7.63.0

cpe:2.3:a:haxx:curl:7.63.0
Haxx » Curl » Version: 7.64.0

cpe:2.3:a:haxx:curl:7.64.0
Haxx » Curl » Version: 7.64.1

cpe:2.3:a:haxx:curl:7.64.1
Haxx » Curl » Version: 7.65.0

cpe:2.3:a:haxx:curl:7.65.0
Haxx » Curl » Version: 7.65.1

cpe:2.3:a:haxx:curl:7.65.1
Haxx » Curl » Version: 7.65.2

cpe:2.3:a:haxx:curl:7.65.2
Haxx » Curl » Version: 7.65.3

cpe:2.3:a:haxx:curl:7.65.3
Haxx » Curl » Version: 7.66.0

cpe:2.3:a:haxx:curl:7.66.0
Haxx » Curl » Version: 7.67.0

cpe:2.3:a:haxx:curl:7.67.0
Haxx » Curl » Version: 7.68.0

cpe:2.3:a:haxx:curl:7.68.0
Haxx » Curl » Version: 7.69.0

cpe:2.3:a:haxx:curl:7.69.0
Haxx » Curl » Version: 7.69.1

cpe:2.3:a:haxx:curl:7.69.1
Haxx » Curl » Version: 7.70.0

cpe:2.3:a:haxx:curl:7.70.0
Haxx » Curl » Version: 7.71.0

cpe:2.3:a:haxx:curl:7.71.0
Haxx » Curl » Version: 7.71.1

cpe:2.3:a:haxx:curl:7.71.1
Haxx » Curl » Version: 7.72.0

cpe:2.3:a:haxx:curl:7.72.0
Haxx » Curl » Version: 7.73.0

cpe:2.3:a:haxx:curl:7.73.0
Haxx » Curl » Version: 7.74.0

cpe:2.3:a:haxx:curl:7.74.0
Haxx » Curl » Version: 7.75.0

cpe:2.3:a:haxx:curl:7.75.0
Haxx » Curl » Version: 7.76.0

cpe:2.3:a:haxx:curl:7.76.0
Haxx » Curl » Version: 7.76.1

cpe:2.3:a:haxx:curl:7.76.1
Haxx » Curl » Version: 7.77.0

cpe:2.3:a:haxx:curl:7.77.0
Netapp » Cloud Backup » Version: N/A

cpe:2.3:a:netapp:cloud_backup:-
Netapp » Clustered Data Ontap » Version: N/A

cpe:2.3:a:netapp:clustered_data_ontap:-
Netapp » Hci Management Node » Version: N/A

cpe:2.3:a:netapp:hci_management_node:-
Netapp » Solidfire » Version: N/A

cpe:2.3:a:netapp:solidfire:-
Oracle » Mysql Server » Version: 5.7.0

cpe:2.3:a:oracle:mysql_server:5.7.0
Oracle » Mysql Server » Version: 5.7.26

cpe:2.3:a:oracle:mysql_server:5.7.26
Oracle » Mysql Server » Version: 5.7.27

cpe:2.3:a:oracle:mysql_server:5.7.27
Oracle » Mysql Server » Version: 5.7.28

cpe:2.3:a:oracle:mysql_server:5.7.28
Oracle » Mysql Server » Version: 5.7.32

cpe:2.3:a:oracle:mysql_server:5.7.32
Oracle » Mysql Server » Version: 5.7.33

cpe:2.3:a:oracle:mysql_server:5.7.33
Oracle » Mysql Server » Version: 5.7.34

cpe:2.3:a:oracle:mysql_server:5.7.34
Oracle » Mysql Server » Version: 5.7.35

cpe:2.3:a:oracle:mysql_server:5.7.35
Oracle » Mysql Server » Version: 8.0.0

cpe:2.3:a:oracle:mysql_server:8.0.0
Oracle » Mysql Server » Version: 8.0.15

cpe:2.3:a:oracle:mysql_server:8.0.15
Oracle » Mysql Server » Version: 8.0.17

cpe:2.3:a:oracle:mysql_server:8.0.17
Oracle » Mysql Server » Version: 8.0.22

cpe:2.3:a:oracle:mysql_server:8.0.22
Oracle » Mysql Server » Version: 8.0.23

cpe:2.3:a:oracle:mysql_server:8.0.23
Oracle » Mysql Server » Version: 8.0.24

cpe:2.3:a:oracle:mysql_server:8.0.24
Oracle » Mysql Server » Version: 8.0.25

cpe:2.3:a:oracle:mysql_server:8.0.25
Oracle » Mysql Server » Version: 8.0.26

cpe:2.3:a:oracle:mysql_server:8.0.26
Siemens » Sinec Infrastructure Network Services » Version: N/A

cpe:2.3:a:siemens:sinec_infrastructure_network_services:-
Siemens » Sinec Infrastructure Network Services » Version: 1.0.1

cpe:2.3:a:siemens:sinec_infrastructure_network_services:1.0.1
Splunk » Universal Forwarder » Version: 8.2.0

cpe:2.3:a:splunk:universal_forwarder:8.2.0
Splunk » Universal Forwarder » Version: 8.2.10

cpe:2.3:a:splunk:universal_forwarder:8.2.10
Splunk » Universal Forwarder » Version: 8.2.11

cpe:2.3:a:splunk:universal_forwarder:8.2.11
Splunk » Universal Forwarder » Version: 8.2.6

cpe:2.3:a:splunk:universal_forwarder:8.2.6
Splunk » Universal Forwarder » Version: 8.2.7

cpe:2.3:a:splunk:universal_forwarder:8.2.7
Splunk » Universal Forwarder » Version: 8.2.8

cpe:2.3:a:splunk:universal_forwarder:8.2.8
Splunk » Universal Forwarder » Version: 8.2.9

cpe:2.3:a:splunk:universal_forwarder:8.2.9
Splunk » Universal Forwarder » Version: 9.0.0

cpe:2.3:a:splunk:universal_forwarder:9.0.0
Splunk » Universal Forwarder » Version: 9.0.1

cpe:2.3:a:splunk:universal_forwarder:9.0.1
Splunk » Universal Forwarder » Version: 9.0.2

cpe:2.3:a:splunk:universal_forwarder:9.0.2
Splunk » Universal Forwarder » Version: 9.0.3

cpe:2.3:a:splunk:universal_forwarder:9.0.3
Splunk » Universal Forwarder » Version: 9.0.4

cpe:2.3:a:splunk:universal_forwarder:9.0.4
Splunk » Universal Forwarder » Version: 9.0.5

cpe:2.3:a:splunk:universal_forwarder:9.0.5
Splunk » Universal Forwarder » Version: 9.1.0

cpe:2.3:a:splunk:universal_forwarder:9.1.0
Netapp » H300e » Version: N/A

cpe:2.3:h:netapp:h300e:-
Netapp » H300s » Version: N/A

cpe:2.3:h:netapp:h300s:-
Netapp » H410s » Version: N/A

cpe:2.3:h:netapp:h410s:-
Netapp » H500e » Version: N/A

cpe:2.3:h:netapp:h500e:-
Netapp » H500s » Version: N/A

cpe:2.3:h:netapp:h500s:-
Netapp » H700e » Version: N/A

cpe:2.3:h:netapp:h700e:-
Netapp » H700s » Version: N/A

cpe:2.3:h:netapp:h700s:-
Fedoraproject » Fedora » Version: 33

cpe:2.3:o:fedoraproject:fedora:33
Netapp » H300e Firmware » Version: N/A

cpe:2.3:o:netapp:h300e_firmware:-
Netapp » H300s Firmware » Version: N/A

cpe:2.3:o:netapp:h300s_firmware:-
Netapp » H410s Firmware » Version: N/A

cpe:2.3:o:netapp:h410s_firmware:-
Netapp » H500e Firmware » Version: N/A

cpe:2.3:o:netapp:h500e_firmware:-
Netapp » H500s Firmware » Version: N/A

cpe:2.3:o:netapp:h500s_firmware:-
Netapp » H700e Firmware » Version: N/A

cpe:2.3:o:netapp:h700e_firmware:-
Netapp » H700s Firmware » Version: N/A

cpe:2.3:o:netapp:h700s_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-22922

Products

Pricing

Contact Us