CVE-2021-22898
curl: TELNET stack contents disclosure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.
curl versiones 7.7 hasta 7.76.1 sufre de una divulgacion de información cuando la opción de línea de comandos "-t", conocida como "CURLOPT_TELNETOPTIONS" en libcurl, se usa para enviar pares de variables=contenido a servidores TELNET. Debido a un fallo en el analizador de opciones para el envío de variables NEW_ENV, podría hacer que libcurl pasara datos no inicializados de un búfer basado en la pila al servidor, resultando en una potencial divulgación de información interna confidencial al servidor que usaba un protocolo de red de texto sin cifrar
A flaw was found in the way curl handled telnet protocol option for sending environment variables, which could lead to sending of uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text network protocol.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-06 CVE Reserved
- 2021-05-26 CVE Published
- 2024-04-21 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-908: Use of Uninitialized Resource
- CWE-909: Missing Initialization of Resource
CAPEC
References (16)
URL | Date | SRC |
---|---|---|
https://curl.se/docs/CVE-2021-22898.html | 2024-08-03 | |
https://hackerone.com/reports/1176461 | 2024-08-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | >= 7.7 <= 7.76.1 Search vendor "Haxx" for product "Curl" and version " >= 7.7 <= 7.76.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Cloud Native Core Binding Support Function Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" | 1.11.0 Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" and version "1.11.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Cloud Native Core Network Function Cloud Native Environment Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment" | 1.10.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment" and version "1.10.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Cloud Native Core Network Repository Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" | 1.15.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" and version "1.15.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Cloud Native Core Network Repository Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" | 1.15.1 Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" and version "1.15.1" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Cloud Native Core Network Slice Selection Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Slice Selection Function" | 1.8.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Slice Selection Function" and version "1.8.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Cloud Native Core Service Communication Proxy Search vendor "Oracle" for product "Communications Cloud Native Core Service Communication Proxy" | 1.15.0 Search vendor "Oracle" for product "Communications Cloud Native Core Service Communication Proxy" and version "1.15.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Essbase Search vendor "Oracle" for product "Essbase" | < 11.1.2.4.047 Search vendor "Oracle" for product "Essbase" and version " < 11.1.2.4.047" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Essbase Search vendor "Oracle" for product "Essbase" | >= 21.0 < 21.3 Search vendor "Oracle" for product "Essbase" and version " >= 21.0 < 21.3" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Mysql Server Search vendor "Oracle" for product "Mysql Server" | < 5.7.34 Search vendor "Oracle" for product "Mysql Server" and version " < 5.7.34" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Mysql Server Search vendor "Oracle" for product "Mysql Server" | >= 8.0.15 < 8.0.25 Search vendor "Oracle" for product "Mysql Server" and version " >= 8.0.15 < 8.0.25" | - |
Affected
| ||||||
Siemens Search vendor "Siemens" | Sinec Infrastructure Network Services Search vendor "Siemens" for product "Sinec Infrastructure Network Services" | < 1.0.1.1 Search vendor "Siemens" for product "Sinec Infrastructure Network Services" and version " < 1.0.1.1" | - |
Affected
| ||||||
Splunk Search vendor "Splunk" | Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder" | >= 8.2.0 < 8.2.12 Search vendor "Splunk" for product "Universal Forwarder" and version " >= 8.2.0 < 8.2.12" | - |
Affected
| ||||||
Splunk Search vendor "Splunk" | Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder" | >= 9.0.0 < 9.0.6 Search vendor "Splunk" for product "Universal Forwarder" and version " >= 9.0.0 < 9.0.6" | - |
Affected
| ||||||
Splunk Search vendor "Splunk" | Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder" | 9.1.0 Search vendor "Splunk" for product "Universal Forwarder" and version "9.1.0" | - |
Affected
|