Unrated severityNVD Advisory· Published Mar 23, 2022· Updated Aug 3, 2024
CVE-2021-3618
CVE-2021-3618
Description
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
50- ALPACA/ALPACAdescription
- osv-coords49 versionspkg:bitnami/nginxpkg:bitnami/nginx-gatewaypkg:rpm/opensuse/nginx&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/nginx&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/vsftpd&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/vsftpd&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/nginx&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/nginx&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/nginx&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/nginx&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/nginx&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/vsftpd&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/vsftpd&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3pkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4pkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/vsftpd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/vsftpd&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/vsftpd&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/vsftpd&distro=SUSE%20Manager%20Server%204.1
< 1.21.0+ 48 more
- (no CPE)range: < 1.21.0
- (no CPE)range: < 1.21.0
- (no CPE)range: < 1.19.8-150300.3.9.1
- (no CPE)range: < 1.19.8-150300.3.9.1
- (no CPE)range: < 3.0.5-150200.12.9.1
- (no CPE)range: < 3.0.5-150400.3.3.1
- (no CPE)range: < 1.16.1-150100.6.16.1
- (no CPE)range: < 1.16.1-150200.3.9.1
- (no CPE)range: < 1.16.1-150100.6.16.1
- (no CPE)range: < 1.16.1-150100.6.16.1
- (no CPE)range: < 1.16.1-150200.3.9.1
- (no CPE)range: < 1.16.1-150200.3.9.1
- (no CPE)range: < 1.16.1-150000.3.18.1
- (no CPE)range: < 1.16.1-150000.3.18.1
- (no CPE)range: < 1.19.8-150300.3.9.1
- (no CPE)range: < 1.16.1-150100.6.16.1
- (no CPE)range: < 1.16.1-150100.6.16.1
- (no CPE)range: < 1.16.1-150200.3.9.1
- (no CPE)range: < 1.16.1-150200.3.9.1
- (no CPE)range: < 1.16.1-150000.3.18.1
- (no CPE)range: < 1.16.1-150000.3.18.1
- (no CPE)range: < 1.16.1-150100.6.16.1
- (no CPE)range: < 1.16.1-150200.3.9.1
- (no CPE)range: < 1.16.1-150200.3.9.1
- (no CPE)range: < 1.16.1-150200.3.9.1
- (no CPE)range: < 1.16.1-150200.3.9.1
- (no CPE)range: < 3.0.5-150000.7.19.1
- (no CPE)range: < 3.0.5-150200.12.9.1
- (no CPE)range: < 3.0.5-150000.7.19.1
- (no CPE)range: < 3.0.5-150000.7.19.1
- (no CPE)range: < 3.0.5-150200.12.9.1
- (no CPE)range: < 3.0.5-150200.12.9.1
- (no CPE)range: < 3.0.5-150000.7.19.1
- (no CPE)range: < 3.0.5-150000.7.19.1
- (no CPE)range: < 3.0.5-150200.12.9.1
- (no CPE)range: < 3.0.5-150400.3.3.1
- (no CPE)range: < 3.0.5-48.3.1
- (no CPE)range: < 3.0.5-150000.7.19.1
- (no CPE)range: < 3.0.5-150000.7.19.1
- (no CPE)range: < 3.0.5-150200.12.9.1
- (no CPE)range: < 3.0.5-150200.12.9.1
- (no CPE)range: < 3.0.5-150000.7.19.1
- (no CPE)range: < 3.0.5-48.3.1
- (no CPE)range: < 3.0.5-150000.7.19.1
- (no CPE)range: < 3.0.5-150000.7.19.1
- (no CPE)range: < 3.0.5-150200.12.9.1
- (no CPE)range: < 3.0.5-150200.12.9.1
- (no CPE)range: < 3.0.5-150200.12.9.1
- (no CPE)range: < 3.0.5-150200.12.9.1
Patches
Vulnerability mechanics
References
3- lists.debian.org/debian-lts-announce/2022/11/msg00031.htmlmitremailing-list
- alpaca-attack.commitre
- bugzilla.redhat.com/show_bug.cgimitre
News mentions
0No linked articles in our index yet.