Уязвимость раскрытия элемента данных в неверной сессии в библиотеках libcurl при использовании Schannel TLS
Описание
В версиях curl с 7.61.0 по 7.76.1 обнаружена уязвимость, связанная с утечкой элемента данных в неверный сеанс из-за ошибки в коде для опции CURLOPT_SSL_CIPHER_LIST при сборке libcurl с использованием библиотеки Schannel TLS. Выбранный набор шифров сохранялся в одной "статической" переменной в библиотеке, что приводило к неожиданному побочному эффекту: если приложение одновременно выполняет несколько передач, последний установивший шифры процесс непреднамеренно контролирует набор шифров, используемых всеми передачами. В худшем случае это значительно ослабляет транспортную безопасность.
Затронутые версии ПО
- curl с версии 7.61.0 по 7.76.1
Тип уязвимости
Раскрытие данных
Ссылки
- PatchThird Party Advisory
- PatchVendor Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchVendor Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Одно из
Одно из
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одно из
EPSS
5.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wr ...
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
EPSS
5.3 Medium
CVSS3
4.3 Medium
CVSS2