CVE & CISA-KEV Catalog

CVE-2021-22947

Severity: MEDIUM (CVSS v3 base score 5.9, per NVD)
EPSS: 85th percentile

Description

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses, and would instead continue using and trusting the responses it got *before* the TLS handshake as if they were authenticated. Using this flaw, a Man-In-The-Middle attacker can first inject the fake responses, then pass through the TLS traffic from the legitimate server and trick curl into sending data back to the user, who believes the attacker's injected data came from the TLS-protected server.

How to fix

Remediation available

curl (Debian)
  Fixed in: 7.74.0-1.3+deb11u2 (CVE-2021-22947)
  Fixed in: 7.79.1-1 (CVE-2021-22947)

Windows (Microsoft)
  Windows 10 Version 1809: install KB5009557
  Windows 10 Version 1909: install KB5009545
  Windows 10 Version 20H2: install KB5009543
  Windows 10 Version 21H1: install KB5009543
  Windows 10 Version 21H2: install KB5009543
  Windows 11 version 21H2: install KB5009566
  Windows Server 2019: install KB5009557
  Windows Server 2019 (Server Core installation): install KB5009557
  Windows Server 2022: install KB5009555
  Windows Server 2022 (Server Core installation): install KB5009555
  Windows Server, version 20H2 (Server Core installation): install KB5009543

curl (Ubuntu)
  Fixed in: 7.35.0-1ubuntu2.20+esm8 (USN-5079-2)
  Fixed in: 7.47.0-1ubuntu2.19+esm1 (USN-5079-2)
  Fixed in: 7.58.0-2ubuntu3.15 (USN-5079-1)
  Fixed in: 7.68.0-1ubuntu2.7 (USN-5079-1)

libcurl3 (Ubuntu)
  Fixed in: 7.35.0-1ubuntu2.20+esm8 (USN-5079-2)
  Fixed in: 7.47.0-1ubuntu2.19+esm1 (USN-5079-2)

libcurl3-gnutls (Ubuntu)
  Fixed in: 7.35.0-1ubuntu2.20+esm8 (USN-5079-2)
  Fixed in: 7.47.0-1ubuntu2.19+esm1 (USN-5079-2)
  Fixed in: 7.58.0-2ubuntu3.15 (USN-5079-1)
  Fixed in: 7.68.0-1ubuntu2.7 (USN-5079-1)

libcurl3-nss (Ubuntu)
  Fixed in: 7.35.0-1ubuntu2.20+esm8 (USN-5079-2)
  Fixed in: 7.47.0-1ubuntu2.19+esm1 (USN-5079-2)
  Fixed in: 7.58.0-2ubuntu3.15 (USN-5079-1)
  Fixed in: 7.68.0-1ubuntu2.7 (USN-5079-1)

libcurl4 (Ubuntu)
  Fixed in: 7.58.0-2ubuntu3.15 (USN-5079-1)
  Fixed in: 7.68.0-1ubuntu2.7 (USN-5079-1)

UniversalForwarder (Windows application, Splunk, Inc.)
  Affected: 9.0.0 to 9.0.6; fixed in 9.0.6
  Affected: 8.2.0 to 8.2.12; fixed in 8.2.12

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

  Attack Vector: Network
  Attack Complexity: High
  Privileges Required: None
  User Interaction: None
  Scope: Unchanged

Impact

  Confidentiality: None
  Integrity: High
  Availability: None

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploit Intelligence

EPSS: 2.80% probability of exploitation in the next 30 days (85th percentile)

Elevated risk: more likely to be exploited than 85% of all known CVEs.



This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-04-16.