CVE-2021-32066

ULN >
Oracle Linux CVE repository >
CVE-2021-32066

CVE Details

Release Date:	2021-08-01
Impact:	None	What is this?

Description

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

See more information about CVE-2021-32066 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	7.4
Vector String:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Version:	3.0
Attack Vector:	Network
Attack Complexity:	High
Privileges Required:	None
User Interaction:	None
Scope:	Unchanged
Confidentiality Impact:	High
Integrity Impact:	High
Availability Impact:	None

Errata information

Platform	Errata	Release Date
Oracle Linux version 8 (ruby)	ELSA-2021-3020	2021-08-06
Oracle Linux version 8 (ruby)	ELSA-2022-0543	2022-02-16
Oracle Linux version 8 (ruby)	ELSA-2022-0672	2022-02-28
Oracle Linux version 8 (ruby)	ELSA-2022-0672-1	2022-03-08
Oracle Linux version 8 (rubygem-abrt)	ELSA-2021-3020	2021-08-06
Oracle Linux version 8 (rubygem-abrt)	ELSA-2022-0543	2022-02-16
Oracle Linux version 8 (rubygem-abrt)	ELSA-2022-0672	2022-02-28
Oracle Linux version 8 (rubygem-abrt)	ELSA-2022-0672-1	2022-03-08
Oracle Linux version 8 (rubygem-bson)	ELSA-2021-3020	2021-08-06
Oracle Linux version 8 (rubygem-bson)	ELSA-2022-0543	2022-02-16
Oracle Linux version 8 (rubygem-bson)	ELSA-2022-0672	2022-02-28
Oracle Linux version 8 (rubygem-bson)	ELSA-2022-0672-1	2022-03-08
Oracle Linux version 8 (rubygem-bundler)	ELSA-2022-0672	2022-02-28
Oracle Linux version 8 (rubygem-bundler)	ELSA-2022-0672-1	2022-03-08
Oracle Linux version 8 (rubygem-mongo)	ELSA-2021-3020	2021-08-06
Oracle Linux version 8 (rubygem-mongo)	ELSA-2022-0543	2022-02-16
Oracle Linux version 8 (rubygem-mongo)	ELSA-2022-0672	2022-02-28
Oracle Linux version 8 (rubygem-mongo)	ELSA-2022-0672-1	2022-03-08
Oracle Linux version 8 (rubygem-mysql2)	ELSA-2021-3020	2021-08-06
Oracle Linux version 8 (rubygem-mysql2)	ELSA-2022-0543	2022-02-16
Oracle Linux version 8 (rubygem-mysql2)	ELSA-2022-0672	2022-02-28
Oracle Linux version 8 (rubygem-mysql2)	ELSA-2022-0672-1	2022-03-08
Oracle Linux version 8 (rubygem-pg)	ELSA-2021-3020	2021-08-06
Oracle Linux version 8 (rubygem-pg)	ELSA-2022-0543	2022-02-16
Oracle Linux version 8 (rubygem-pg)	ELSA-2022-0672	2022-02-28
Oracle Linux version 8 (rubygem-pg)	ELSA-2022-0672-1	2022-03-08

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691