CVE-2021-22898

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

Published: Jun 11, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-22898
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.1
AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N

CWEs:

CWE-909

Affected Software
References

Software	From	Fixed in
haxx / curl	7.7	7.76.1.x
debian / debian_linux	9.0	9.0.x
fedoraproject / fedora	33	33.x
fedoraproject / fedora	34	34.x
oracle / mysql_server	8.0.15	8.0.25
oracle / mysql_server	-	5.7.34
oracle / essbase	21.0	21.3
oracle / essbase	-	11.1.2.4.047
oracle / communications_cloud_native_core_network_slice_selection_function	1.8.0	1.8.0.x
oracle / communications_cloud_native_core_network_repository_function	1.15.0	1.15.0.x
oracle / communications_cloud_native_core_network_function_cloud_native_environment	1.10.0	1.10.0.x
oracle / communications_cloud_native_core_service_communication_proxy	1.15.0	1.15.0.x
oracle / communications_cloud_native_core_network_repository_function	1.15.1	1.15.1.x
oracle / communications_cloud_native_core_binding_support_function	1.11.0	1.11.0.x
siemens / sinec_infrastructure_network_services	-	1.0.1.1
splunk / universal_forwarder	9.1.0	9.1.0.x
splunk / universal_forwarder	9.0.0	9.0.6
splunk / universal_forwarder	8.2.0	8.2.12

Vulnerability Database

289,599

CVE-2021-22898