Wind River Support Network

HomeDefectsLIN1021-360
Fixed

LIN1021-360 : Security Advisory - curl - CVE-2021-22901

Created: May 26, 2021    Updated: Aug 24, 2021
Resolved Date: Aug 23, 2021
Found In Version: 10.21.20.1
Fix Version: 10.21.20.4
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

libcurl can be tricked into using already freed memory when a new TLS session is negotiated or a client certificate is requested on an existing connection. For example, this can happen when a TLS server requests a client certificate on a connection that was established without one. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client.

https://curl.se/docs/CVE-2021-22901.html

CREATE(Triage):(User=admin) [CVE-2021-22901|https://nvd.nist.gov/vuln/detail/CVE-2021-22901]

CVEs


Live chat
Online