CVE-2021-22923: When curl is instructed to get content using the metalink feature, and a user name and password...
5.3
Miggo AI
Root Cause Analysis
I was unable to fetch specific commit information for CVE-2021-22923. The vulnerability description indicates that the issue lies in how curl handles credentials when using the metalink feature, specifically that credentials for the metalink XML file are reused for downloading content from URLs within that file. Without the patch details, I cannot identify the precise functions involved in processing metalinks and handling credentials for subsequent requests. Therefore, I cannot provide a list of vulnerable functions with the required evidence and confidence.
Attempted to find commit information via direct commit URL and by searching, but was unsuccessful in retrieving the patch details needed for precise function identification. The available information describes the vulnerable behavior but does not point to specific code locations without the associated commit diffs or source code analysis of the patch that fixed the issue in curl 7.78.0 (commit ae012ddb4a75c2f0d91016f5c9d999510087f7bd was identified as potentially relevant but its content could not be fetched).