// For flags

CVE-2021-22898

curl: TELNET stack contents disclosure

Severity Score

3.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

curl versiones 7.7 hasta 7.76.1 sufre de una divulgacion de información cuando la opción de línea de comandos "-t", conocida como "CURLOPT_TELNETOPTIONS" en libcurl, se usa para enviar pares de variables=contenido a servidores TELNET. Debido a un fallo en el analizador de opciones para el envío de variables NEW_ENV, podría hacer que libcurl pasara datos no inicializados de un búfer basado en la pila al servidor, resultando en una potencial divulgación de información interna confidencial al servidor que usaba un protocolo de red de texto sin cifrar

A flaw was found in the way curl handled telnet protocol option for sending environment variables, which could lead to sending of uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text network protocol.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-01-06 CVE Reserved
  • 2021-05-26 CVE Published
  • 2024-04-21 EPSS Updated
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-908: Use of Uninitialized Resource
  • CWE-909: Missing Initialization of Resource
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Haxx
Search vendor "Haxx"
Curl
Search vendor "Haxx" for product "Curl"
>= 7.7 <= 7.76.1
Search vendor "Haxx" for product "Curl" and version " >= 7.7 <= 7.76.1"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
33
Search vendor "Fedoraproject" for product "Fedora" and version "33"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
34
Search vendor "Fedoraproject" for product "Fedora" and version "34"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Binding Support Function
Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function"
1.11.0
Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" and version "1.11.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Network Function Cloud Native Environment
Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment"
1.10.0
Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment" and version "1.10.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Network Repository Function
Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function"
1.15.0
Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" and version "1.15.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Network Repository Function
Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function"
1.15.1
Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" and version "1.15.1"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Network Slice Selection Function
Search vendor "Oracle" for product "Communications Cloud Native Core Network Slice Selection Function"
1.8.0
Search vendor "Oracle" for product "Communications Cloud Native Core Network Slice Selection Function" and version "1.8.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Service Communication Proxy
Search vendor "Oracle" for product "Communications Cloud Native Core Service Communication Proxy"
1.15.0
Search vendor "Oracle" for product "Communications Cloud Native Core Service Communication Proxy" and version "1.15.0"
-
Affected
Oracle
Search vendor "Oracle"
Essbase
Search vendor "Oracle" for product "Essbase"
< 11.1.2.4.047
Search vendor "Oracle" for product "Essbase" and version " < 11.1.2.4.047"
-
Affected
Oracle
Search vendor "Oracle"
Essbase
Search vendor "Oracle" for product "Essbase"
>= 21.0 < 21.3
Search vendor "Oracle" for product "Essbase" and version " >= 21.0 < 21.3"
-
Affected
Oracle
Search vendor "Oracle"
Mysql Server
Search vendor "Oracle" for product "Mysql Server"
< 5.7.34
Search vendor "Oracle" for product "Mysql Server" and version " < 5.7.34"
-
Affected
Oracle
Search vendor "Oracle"
Mysql Server
Search vendor "Oracle" for product "Mysql Server"
>= 8.0.15 < 8.0.25
Search vendor "Oracle" for product "Mysql Server" and version " >= 8.0.15 < 8.0.25"
-
Affected
Siemens
Search vendor "Siemens"
Sinec Infrastructure Network Services
Search vendor "Siemens" for product "Sinec Infrastructure Network Services"
< 1.0.1.1
Search vendor "Siemens" for product "Sinec Infrastructure Network Services" and version " < 1.0.1.1"
-
Affected
Splunk
Search vendor "Splunk"
Universal Forwarder
Search vendor "Splunk" for product "Universal Forwarder"
>= 8.2.0 < 8.2.12
Search vendor "Splunk" for product "Universal Forwarder" and version " >= 8.2.0 < 8.2.12"
-
Affected
Splunk
Search vendor "Splunk"
Universal Forwarder
Search vendor "Splunk" for product "Universal Forwarder"
>= 9.0.0 < 9.0.6
Search vendor "Splunk" for product "Universal Forwarder" and version " >= 9.0.0 < 9.0.6"
-
Affected
Splunk
Search vendor "Splunk"
Universal Forwarder
Search vendor "Splunk" for product "Universal Forwarder"
9.1.0
Search vendor "Splunk" for product "Universal Forwarder" and version "9.1.0"
-
Affected