Lucene search

[email protected]CVE-2021-22898

HistoryJun 11, 2021 - 4:15 p.m.

CVE-2021-22898

2021-06-1116:15:11

CWE-200

CWE-909

[email protected]

web.nvd.nist.gov

305

cve-2021-22898

curl

information disclosure

libcurl

telnetoptions

nvd

stack buffer

network protocol

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.4%

JSON

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

Affected configurations

NVD

Node

haxxcurlRange7.7–7.76.1

Node

debiandebian_linuxMatch9.0

Node

fedoraprojectfedoraMatch33

fedoraprojectfedoraMatch34

Node

oraclecommunications_cloud_native_core_binding_support_functionMatch1.11.0

oraclecommunications_cloud_native_core_network_function_cloud_native_environmentMatch1.10.0

oraclecommunications_cloud_native_core_network_repository_functionMatch1.15.0

oraclecommunications_cloud_native_core_network_repository_functionMatch1.15.1

oraclecommunications_cloud_native_core_network_slice_selection_functionMatch1.8.0

oraclecommunications_cloud_native_core_service_communication_proxyMatch1.15.0

oracleessbaseRange<11.1.2.4.047

oracleessbaseRange21.0–21.3

oraclemysql_serverRange<5.7.34

oraclemysql_serverRange8.0.15–8.0.25

Node

siemenssinec_infrastructure_network_servicesRange<1.0.1.1

Node

splunkuniversal_forwarderRange8.2.0–8.2.12

splunkuniversal_forwarderRange9.0.0–9.0.6

splunkuniversal_forwarderMatch9.1.0

CPENameOperatorVersion
haxx:curlhaxx curlle7.76.1

CPE	Name	Operator	Version
haxx:curl	haxx curl	le	7.76.1

CNA Affected

[
  {
    "product": "https://github.com/curl/curl",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "7.7 through 7.76.1"
      }
    ]
  }
]