CVE-2021-22897 Overview
CVE-2021-22897 is a vulnerability in curl versions 7.61.0 through 7.76.1 that results in exposure of data elements to the wrong session due to improper handling of CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which causes an unintended side-effect where multiple concurrent transfers share cipher configurations. The last transfer that sets the ciphers will accidentally control the set used by all transfers, potentially weakening transport security significantly.
Critical Impact
In multi-threaded applications using concurrent HTTPS connections, one connection's cipher preferences can inadvertently override another's, potentially exposing sensitive data through weaker-than-intended encryption settings.
Affected Products
- haxx curl (versions 7.61.0 through 7.76.1)
- Oracle Communications Cloud Native Core products (Binding Support Function 1.11.0, Network Function Cloud Native Environment 1.10.0, Network Repository Function 1.15.0/1.15.1, Network Slice Selection Function 1.8.0, Service Communication Proxy 1.15.0)
- Oracle MySQL Server and Essbase
- NetApp Cloud Backup, SolidFire, and HCI products
- Siemens SINEC Infrastructure Network Services
- Splunk Universal Forwarder
Discovery Timeline
- June 11, 2021 - CVE-2021-22897 published to NVD
- November 21, 2024 - Last updated in NVD database
Technical Details for CVE-2021-22897
Vulnerability Analysis
This vulnerability is classified under CWE-840 (Business Logic Errors) and CWE-668 (Exposure of Resource to Wrong Sphere). The flaw exists in the Schannel TLS backend implementation within libcurl, specifically in the set_ssl_ciphers() function located in lib/vtls/schannel.c. The function incorrectly uses a static array algIds[45] to store cipher algorithm identifiers, which means the variable persists across function calls and is shared between all concurrent TLS connections.
When multiple curl connections are established simultaneously in a multi-threaded application, each attempting to configure its own cipher suite via CURLOPT_SSL_CIPHER_LIST, the static nature of the storage causes a race condition. The last connection to configure its ciphers effectively overwrites the cipher settings for all other concurrent connections, including those that may have already initiated their TLS handshake.
Root Cause
The root cause is the use of a static array variable (static ALG_ID algIds[45]) within the set_ssl_ciphers() function. Static variables in C retain their values between function calls and are shared across all threads within a process. This design decision, likely made for convenience or to avoid repeated memory allocation, created a thread-safety issue where concurrent TLS connections could interfere with each other's cipher configurations.
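The shared-storage defect described above, reduced to its essence as an added example (not curl's code): a hypothetical per-connection struct stands in for Curl_schannel_cred, the name lookup (get_alg_id_by_name) is omitted, and the numeric IDs in the sample lists are constructed values. The "static" variant returns a pointer into one process-wide array, so the second transfer's configuration silently replaces the first's; the "fixed" variant takes caller-owned storage, as the 7.77.0 patch does.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NUMOF_CIPHERS 45 /* same bound the patch introduces */
/* Hypothetical per-connection state standing in for Curl_schannel_cred. */
struct conn_cred { int *palgIds; int algCount; };

/* Parse a ':'-separated list of numeric ALG_IDs into out; name lookup omitted. */
static int parse_ciphers(const char *ciphers, int *out, int max)
{
    int n = 0;
    const char *cur = ciphers;
    while(cur && *cur && n < max) {
        long alg = strtol(cur, NULL, 0);
        if(alg) out[n++] = (int)alg;
        cur = strchr(cur, ':');
        if(cur) cur++;
    }
    return n;
}

/* Vulnerable shape (curl < 7.77.0): one static array shared by every caller. */
static void set_ssl_ciphers_static(struct conn_cred *cred, const char *ciphers)
{
    static int algIds[NUMOF_CIPHERS];
    cred->algCount = parse_ciphers(ciphers, algIds, NUMOF_CIPHERS);
    cred->palgIds = algIds; /* points into storage the next transfer will rewrite */
}

/* Fixed shape: the caller passes storage that lives with the connection. */
static void set_ssl_ciphers_fixed(struct conn_cred *cred, const char *ciphers, int *algIds)
{
    cred->algCount = parse_ciphers(ciphers, algIds, NUMOF_CIPHERS);
    cred->palgIds = algIds;
}

/* Configure two transfers back to back; return 1 if A still sees its own cipher list. */
int first_transfer_keeps_ciphers(int use_fix)
{
    struct conn_cred a = {0}, b = {0};
    int a_store[NUMOF_CIPHERS], b_store[NUMOF_CIPHERS];
    /* constructed sample lists: A asks for 0x6610 then 0x660e, B for 0x6801 only */
    if(use_fix) { set_ssl_ciphers_fixed(&a, "0x6610:0x660e", a_store); set_ssl_ciphers_fixed(&b, "0x6801", b_store); }
    else { set_ssl_ciphers_static(&a, "0x6610:0x660e"); set_ssl_ciphers_static(&b, "0x6801"); }
    return a.palgIds[0] == 0x6610 && a.palgIds[1] == 0x660e;
}

int main(void) { printf("static keeps A's list: %d, fixed: %d\n", first_transfer_keeps_ciphers(0), first_transfer_keeps_ciphers(1)); return 0; }
```

With the static variant, A's algCount still says two ciphers but the first entry now holds B's value, which is exactly the "last transfer controls all transfers" effect the advisory describes.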
Attack Vector
The vulnerability can be exploited in scenarios where:
- An application uses libcurl with the Schannel TLS backend (Windows systems)
- The application establishes multiple concurrent HTTPS connections
- Different connections attempt to use different cipher suite configurations via CURLOPT_SSL_CIPHER_LIST
An attacker positioned as a man-in-the-middle could potentially exploit this by timing their malicious connection to set weaker ciphers, which would then be applied to legitimate connections. This could facilitate cryptographic attacks against the weakened TLS sessions. The attack is network-based and requires no authentication or user interaction.
// Security patch in lib/vtls/schannel.c - schannel: don't use static to store selected ciphers
}
static CURLcode
-set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers)
+set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers,
+ int *algIds)
{
char *startCur = ciphers;
int algCount = 0;
- static ALG_ID algIds[45]; /*There are 45 listed in the MS headers*/
- while(startCur && (0 != *startCur) && (algCount < 45)) {
+ while(startCur && (0 != *startCur) && (algCount < NUMOF_CIPHERS)) {
long alg = strtol(startCur, 0, 0);
if(!alg)
alg = get_alg_id_by_name(startCur);
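Review bot: the new `int *algIds` parameter carries no size contract; the loop bounds writes by NUMOF_CIPHERS, so every caller must hand in an array of at least that many entries, and a comment on the parameter (or passing the length explicitly) would make that visible. The removed storage was typed `ALG_ID`, while the replacement is `int *`; keeping `ALG_ID *` avoids a silent type mismatch when these IDs are handed to Schannel. The caller and the place where the per-connection array now lives are outside this excerpt, so the thread-safety claim cannot be confirmed from these lines alone.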
Source: GitHub curl Commit
// Security patch in lib/vtls/schannel.h - schannel: don't use static to store selected ciphers
#endif
#endif
+#define NUMOF_CIPHERS 45 /* There are 45 listed in the MS headers */
+
struct Curl_schannel_cred {
CredHandle cred_handle;
TimeStamp time_stamp;
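Review bot: NUMOF_CIPHERS is defined here but nothing in this hunk uses it; the struct Curl_schannel_cred shown does not gain an algIds array in the visible lines, so the array that replaces the static storage must be declared elsewhere in the commit. Placing the define next to the struct or field it sizes, with the "45 listed in the MS headers" comment kept, would tie the bound to the storage it protects.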
Source: GitHub curl Commit
Detection Methods for CVE-2021-22897
Indicators of Compromise
- Unexpected cipher suite changes in TLS handshake logs when using concurrent curl connections
- Detection of weaker-than-configured cipher suites in network traffic analysis
- Application logs showing inconsistent TLS connection parameters across concurrent requests
- Anomalous TLS negotiation behavior on Windows systems using Schannel
Detection Strategies
- Monitor for curl library versions between 7.61.0 and 7.76.1 in software inventory systems
- Implement network monitoring to detect TLS connections using unexpectedly weak cipher suites
- Review application logs for multi-threaded curl usage patterns with CURLOPT_SSL_CIPHER_LIST configurations
- Deploy endpoint detection to identify vulnerable curl/libcurl binaries linked against Schannel
Monitoring Recommendations
- Enable verbose TLS logging in applications using libcurl to track cipher suite negotiations
- Configure network intrusion detection systems (NIDS) to alert on weak cipher usage patterns
- Implement software composition analysis (SCA) to track curl library versions across the environment
- Monitor for security advisory updates from curl, Oracle, NetApp, Siemens, and Splunk
How to Mitigate CVE-2021-22897
Immediate Actions Required
- Upgrade curl to version 7.77.0 or later, which contains the fix for this vulnerability
- Review all applications using libcurl on Windows with Schannel TLS backend
- Audit concurrent connection patterns in applications using CURLOPT_SSL_CIPHER_LIST
- Apply vendor-specific patches from Oracle, NetApp, Siemens, and Splunk for affected products
Patch Information
The vulnerability was fixed in curl version 7.77.0 through commit bbb71507b7bab52002f9b1e0880bed6a32834511. The fix removes the static storage for the cipher algorithm IDs and instead passes the array as a parameter to the set_ssl_ciphers() function, ensuring each connection maintains its own cipher configuration. Organizations should update to curl 7.77.0 or later and apply relevant vendor patches:
- curl Security Advisory CVE-2021-22897
- Oracle CPU July 2021
- Oracle CPU January 2022
- Oracle CPU April 2022
- NetApp Security Advisory NTAP-20210727-0007
- Siemens Security Advisory SSA-389290
Workarounds
- Avoid using CURLOPT_SSL_CIPHER_LIST option in multi-threaded applications until patched
- Consider using OpenSSL or other TLS backends instead of Schannel on Windows systems
- Implement connection serialization to prevent concurrent cipher configuration changes
- Use system-wide TLS cipher policies rather than per-connection configurations
# Configuration example - Verify curl version and TLS backend
curl --version | grep -E "(curl|SSL)"
# Check for Schannel backend usage
curl --version | grep -i schannel
# Update curl to patched version (example for package managers)
# macOS with Homebrew
brew update && brew upgrade curl
# Ubuntu/Debian
sudo apt-get update && sudo apt-get install curl
# CentOS/RHEL
sudo yum update curl
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


