curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Microsoft on CVE-2021-22947

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 12 Jan 2022 12:33:13 +0100 (CET)

Hi team,

Just a FYI:

Yesterday, Microsoft published information[1] and upgrade details for fixing
their version of curl in regards to the problem called CVE-2021-22947 that we
reported back in September 2021 [2].

In their great wisdom, without asking us or reading our description, they
decided this is a "Remote Code Execution Vulnerability".

I obviously disagree with that description.

[1] = https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-22947
[2] = https://curl.se/docs/CVE-2021-22947.html

-- 
  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://curl.se/support.html
-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2022-01-12