CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
94.9%
Severity: High
Date : 2021-06-01
CVE-ID : CVE-2021-22898 CVE-2021-22901
Package : lib32-curl
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1996
The package lib32-curl before version 7.77.0-1 is vulnerable to
multiple issues including arbitrary code execution and information
disclosure.
Upgrade to 7.77.0-1.
The problems have been fixed upstream in version 7.77.0.
A security issue has been found in curl before version 7.77.0. curl
supports the -t command line option, known as CURLOPT_TELNETOPTIONS in
libcurl. This rarely used option is used to send variable=content pairs
to TELNET servers. Due to flaw in the option parser for sending NEW_ENV
variables, libcurl could be made to pass on uninitialized data from a
stack based buffer to the server. Therefore potentially revealing
sensitive internal information to the server using a clear-text network
protocol.
libcurl before version 7.77.0 can be tricked into using already freed
memory when a new TLS session is negotiated or a client certificate is
requested on an existing connection. For example, this can happen when
a TLS server requests a client certificate on a connection that was
established without one. A malicious server can use this in rare
unfortunate circumstances to potentially reach remote code execution in
the client. The flaw can only happen in libcurl built to use OpenSSL.
curl could disclose potentially sensitive memory information to a
remote server over Telnet when an uncommon option is used.
Additionally, a remote attacker could cause arbitrary code execution
through a crafted TLS handshake.
https://curl.se/docs/CVE-2021-22898.html
https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
https://curl.se/docs/CVE-2021-22901.html
https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479
https://security.archlinux.org/CVE-2021-22898
https://security.archlinux.org/CVE-2021-22901
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | lib32-curl | < 7.77.0-1 | UNKNOWN |
curl.se/docs/CVE-2021-22898.html
curl.se/docs/CVE-2021-22901.html
github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479
security.archlinux.org/AVG-1996
security.archlinux.org/CVE-2021-22898
security.archlinux.org/CVE-2021-22901
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
94.9%