CVE-2021-22897
Schannel cipher selection surprise
Project curl Security Advisory, May 26th 2021 - Permalink
VULNERABILITY
libcurl lets applications specify which specific TLS ciphers to use in transfers, using the option called CURLOPT_SSL_CIPHER_LIST. The cipher selection is used for the TLS negotiation when a transfer is done involving any of the TLS based transfer protocols libcurl supports, such as HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
Due to a mistake in the code, the selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
INFO
It can only trigger when Schannel is used, which is the native TLS library in Microsoft Windows.
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2021-22897 to this issue.
CWE-488: Exposure of Data Element to Wrong Session
Severity: Low
AFFECTED VERSIONS
This issue only exists when libcurl is built to use Schannel.
- Affected versions: libcurl 7.61.0 to and including 7.76.1
- Not affected versions: libcurl < 7.61.0 and libcurl >= 7.77.0
- Introduced-in: https://github.com/curl/curl/commit/9aefbff30d280c60fc
libcurl is used by many applications, and not always advertised as such.
SOLUTION
Store the cipher selection in data associated with the connection.
RECOMMENDATIONS
If you're using an Schannel based libcurl, We suggest you take one of the following actions immediately, in order of preference:
A - Upgrade libcurl to version 7.77.0
B - Apply the patch to your local version
C - Avoid using CURLOPT_SSL_CIPHER_LIST
TIMELINE
This issue was reported to the curl project on April 23, 2021.
This advisory was posted on May 26, 2021.
CREDITS
- Reported-by: Harry Sintonen
- Patched-by: Daniel Stenberg
Thanks a lot!