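1. Vulnerability description: CVE-2021-22946 is caused by an information disclosure issue in the Server: Compiling (cURL) component of Oracle MySQL Server. When MySQL Server communicates with an IMAP, POP3 or FTP server, if the --ssl-reqd flag is specified to upgrade to TLS but the server returns a crafted response, the curl client may bypass this requirement and continue operating without TLS encryption, which leads to data in cleartext...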
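Vulnerability name: Oracle MySQL Server information disclosure vulnerability (CVE-2021-22946). Detailed description: Oracle MySQL Server is a relational database from Oracle Corporation (USA). MySQL Server has an information disclosure vulnerability, which exists because of an information disclosure flaw in the Server: Compiling (cURL) component of MySQL Server. An attacker can exploit this vulnerability to read data without authorization, affecting the confidentiality of data...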
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N; Access Vector: Network; Access Complexity: Low; Authentication: None; Confidentiality Impact: Partial; Integrity Impact: None; Availability Impact: None. CVSS v3 Scores (National Vulnerability Database / SUSE): Base Score: 7.5 / 5.9; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:...
Introduced by: https://github.com/curl/curl/commit/ec3bb8f727405 and https://github.com/curl/curl/commit/c5ba0c2f544653. Severity score breakdown (Parameter: Value): Base score: 7.5 · High; Attack vector: Network; Attack complexity: Low; Privileges required: None ...
CVE-2021-22946 at MITRE. Description: A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with lib...