Total vulnerabilities in the database
curl supports the -t command line option, known as CURLOPT_TELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEW_ENV variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
| Software | From | Fixed in |
|---|---|---|
| haxx / curl | 7.7 | 7.78.0 |
| fedoraproject / fedora | 33 | 33.x |
| apple / macos | 11.0 | 11.0.x |
| apple / mac_os_x | 10.15.7 | 10.15.7.x |
| apple / mac_os_x | 10.15.7-security_update_2021-001 | 10.15.7-security_update_2021-001.x |
| apple / mac_os_x | 10.15.7-security_update_2021-002 | 10.15.7-security_update_2021-002.x |
| apple / mac_os_x | 10.15.7-security_update_2021-003 | 10.15.7-security_update_2021-003.x |
| apple / mac_os_x | 10.15.7-security_update_2021-004 | 10.15.7-security_update_2021-004.x |
| apple / macos | 11.0.1 | 11.0.1.x |
| apple / macos | 11.1 | 11.1.x |
| apple / macos | 11.1.0 | 11.1.0.x |
| apple / macos | 11.2 | 11.2.x |
| apple / macos | 11.2.1 | 11.2.1.x |
| apple / macos | 11.3 | 11.3.x |
| apple / macos | 11.3.1 | 11.3.1.x |
| apple / macos | 11.4 | 11.4.x |
| apple / macos | 11.5 | 11.5.x |
| oracle / peoplesoft_enterprise_peopletools | 8.57 | 8.57.x |
| oracle / peoplesoft_enterprise_peopletools | 8.58 | 8.58.x |
| oracle / peoplesoft_enterprise_peopletools | 8.59 | 8.59.x |
| oracle / mysql_server | 8.0.0 | 8.0.26.x |
| oracle / mysql_server | 5.7.0 | 5.7.35.x |
| siemens / sinec_infrastructure_network_services | - | 1.0.1.1 |
| siemens / sinema_remote_connect_server | - | 3.1 |
| splunk / universal_forwarder | 9.1.0 | 9.1.0.x |
| splunk / universal_forwarder | 9.0.0 | 9.0.6 |
| splunk / universal_forwarder | 8.2.0 | 8.2.12 |