CVE-2021-22898
Published 2021-06-11
Severity: low, 3.1 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.
Affected
31 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | curl | < curl 7.79.1-1 (bookworm) | curl 7.79.1-1 (bookworm) |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| haxx | curl | >= 0 < 7.74.0-1.3+deb11u2 | 7.74.0-1.3+deb11u2 |
| haxx | curl | >= 0 < 7.79.1-1 | 7.79.1-1 |
| haxx | curl | >= 0 < 7.79.1-1 | 7.79.1-1 |
| haxx | curl | >= 0 < 7.79.1-1 | 7.79.1-1 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.14 | 7.58.0-2ubuntu3.14 |
| haxx | curl | >= 0 < 7.68.0-1ubuntu2.6 | 7.68.0-1ubuntu2.6 |
| haxx | curl | >= 0 < 7.35.0-1ubuntu2.20+esm14 | 7.35.0-1ubuntu2.20+esm14 |
| haxx | curl | >= 0 < 7.47.0-1ubuntu2.19+esm3 | 7.47.0-1ubuntu2.19+esm3 |
| haxx | curl | >= 0 < 7.47.0-1ubuntu2.19+esm7 | 7.47.0-1ubuntu2.19+esm7 |
| haxx | curl | 7.7 – 7.76.1 | — |
| https | github.com_curl_curl | — | — |
| msrc | cbl2_curl_7.76.0-5_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_curl_7.76.0-2_on_cbl_mariner_1.0 | — | — |
| oracle | communications_cloud_native_core_binding_support_function | — | — |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | — | — |
| oracle | communications_cloud_native_core_network_repository_function | — | — |
| oracle | communications_cloud_native_core_network_repository_function | — | — |
| oracle | communications_cloud_native_core_network_slice_selection_function | — | — |
| oracle | communications_cloud_native_core_service_communication_proxy | — | — |
| oracle | essbase | < 11.1.2.4.047 | 11.1.2.4.047 |
| oracle | essbase | >= 21.0 < 21.3 | 21.3 |
CVSS provenance
nvd: v3.1, 3.1 LOW, CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
osv: 3.1 LOW