CVE-2021-22925
published 2021-08-05
medium 5.3 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack-based buffer to the server, potentially revealing sensitive internal information to the server over a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.
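The class of parsing mistake described above, shown as an added example in C (not curl's code and not taken from this advisory). It assumes a `name,value` option string and an illustrative `sscanf()` format, and uses a constructed `scratch` buffer to stand in for stale stack contents so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 128

/* Weak form: never looks at how many fields sscanf() converted.
 * `scratch` stands in for a stack buffer that still holds old data
 * (constructed for this demo; a real uninitialized read is undefined). */
static int build_env_weak(const char *opt, char *scratch,
                          char *out, size_t outlen)
{
    char name[FIELD_MAX] = "";
    int n = sscanf(opt, "%127[^,],%127s", name, scratch);
    (void)n;                       /* the bug: conversion count is dropped */
    return snprintf(out, outlen, "%s=%s", name, scratch);
}

/* Hardened form: zero-initialized buffers, and both conversions required
 * before anything is formatted for the wire. */
static int build_env_checked(const char *opt, char *out, size_t outlen)
{
    char name[FIELD_MAX] = "";
    char value[FIELD_MAX] = "";
    if (sscanf(opt, "%127[^,],%127s", name, value) != 2)
        return -1;                 /* malformed pair: send nothing */
    return snprintf(out, outlen, "%s=%s", name, value);
}

int main(void)
{
    char out[2 * FIELD_MAX + 2];
    char scratch[FIELD_MAX] = "STALE-STACK-BYTES";   /* constructed sample */

    /* Input with no ",value" part: sscanf() converts one field only. */
    build_env_weak("TERM", scratch, out, sizeof(out));
    printf("weak:    %s\n", out);
    printf("checked: %d\n", build_env_checked("TERM", out, sizeof(out)));
    if (build_env_checked("TERM,xterm", out, sizeof(out)) > 0)
        printf("checked: %s\n", out);
    return 0;
}
```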
Affected
47 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | macos | — | — |
| apple | macos | — | — |
| apple | macos | — | — |
| apple | macos | — | — |
| apple | macos | — | — |
| apple | macos | — | — |
| apple | macos | — | — |
| apple | macos | — | — |
| apple | macos | — | — |
| apple | macos | — | — |
| apple | macos_big_sur | — | — |
| apple | security_update_2021-005_catalina | — | — |
| debian | curl | — | — |
| fedoraproject | fedora | — | — |
| haxx | curl | >= 0 < 7.67.0-r5 | 7.67.0-r5 |
| haxx | curl | >= 0 < 7.78.0-r0 | 7.78.0-r0 |
| haxx | curl | >= 0 < 7.78.0-r0 | 7.78.0-r0 |
| haxx | curl | >= 0 < 7.78.0-r0 | 7.78.0-r0 |
| haxx | curl | >= 0 < 7.78.0-r0 | 7.78.0-r0 |
| haxx | curl | >= 0 < 7.78.0-r0 | 7.78.0-r0 |
| haxx | curl | >= 0 < 7.78.0-r0 | 7.78.0-r0 |
| haxx | curl | >= 0 < 7.78.0-r0 | 7.78.0-r0 |
| haxx | curl | >= 0 < 7.78.0-r0 | 7.78.0-r0 |
| haxx | curl | >= 0 < 7.78.0-r0 | 7.78.0-r0 |
CVSS provenance
nvd v3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
osv 5.3 MEDIUM