CVE-2021-22925

Name
CVE-2021-22925
Description
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://hackerone.com/reports/1223882
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
Third Party Advisory https://security.netapp.com/advisory/ntap-20210902-0003/
Third Party Advisory https://support.apple.com/kb/HT212804
Third Party Advisory https://support.apple.com/kb/HT212805
FULLDISC http://seclists.org/fulldisclosure/2021/Sep/39
FULLDISC http://seclists.org/fulldisclosure/2021/Sep/40
MISC https://www.oracle.com/security-alerts/cpuoct2021.html
Patch https://www.oracle.com/security-alerts/cpujan2022.html
CONFIRM https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* curl >= 7.7 < 7.78.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status