What is CVE-2021-22901?

CVE-2021-22901 is a vulnerability in Https://github.com/curl/curl, classified under Use After Free. Published 2021-06-11.

Is CVE-2021-22901 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Use After Free in Https://github.com/curl/curl

CVE-2021-22901

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances…

Vulnerability class: Use-After-Free

EPSS: 0.601 (99.0th percentile) — read the EPSS interpretation.

Affected products

N/a Https://github.com/curl/curl — versions 7.75.0 through 7.76.1

Weakness classification (CWE)

CWE-416 — Use After Free

Public proof-of-concept exploits

References

hackerone.com/reports/1180380 (x_refsource_MISC)
curl.se/docs/CVE-2021-22901.html (x_refsource_MISC)
github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479 (x_refsource_MISC)
www.oracle.com//security-alerts/cpujul2021.html (x_refsource_MISC)
security.netapp.com/advisory/ntap-20210723-0001/ (x_refsource_CONFIRM)
www.oracle.com/security-alerts/cpujan2022.html (x_refsource_MISC)
security.netapp.com/advisory/ntap-20210727-0007/ (x_refsource_CONFIRM)
www.oracle.com/security-alerts/cpuapr2022.html (x_refsource_MISC)
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (x_refsource_CONFIRM)
cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-22901?: CVE-2021-22901 is a vulnerability in Https://github.com/curl/curl, classified under Use After Free. Published 2021-06-11.
Is CVE-2021-22901 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.