curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack-based buffer to the server, potentially revealing sensitive internal information to the server over a clear-text network protocol.
History
27 Mar 2024, 15:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:* |
|
First Time |
Splunk
Splunk universal Forwarder |
07 Nov 2023, 03:30
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
30 Aug 2022, 19:09
Type | Values Removed | Values Added |
---|---|---|
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5197 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html - Third Party Advisory |
29 Aug 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Aug 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 May 2022, 17:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:* |
|
First Time |
Oracle communications Cloud Native Core Network Slice Selection Function
Oracle communications Cloud Native Core Binding Support Function Oracle communications Cloud Native Core Service Communication Proxy Oracle communications Cloud Native Core Network Function Cloud Native Environment Oracle communications Cloud Native Core Network Repository Function |
|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Apr 2022, 13:20
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf - Patch, Third Party Advisory | |
References | (MISC) https://hackerone.com/reports/1176461 - Exploit, Issue Tracking, Patch, Third Party Advisory | |
First Time |
Siemens sinec Infrastructure Network Services
Siemens |
|
CPE | cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* |
10 Mar 2022, 17:41
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Mar 2022, 18:45
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
First Time |
Oracle essbase
|
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Sep 2021, 12:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/07/21/4 - Mailing List, Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/ - Mailing List, Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* |
13 Aug 2021, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Aug 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Jul 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Jul 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Jul 2021, 15:16
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 2.6 v3 : 3.1 |
22 Jun 2021, 16:23
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MISC) https://curl.se/docs/CVE-2021-22898.html - Exploit, Patch, Vendor Advisory | |
References | (MISC) https://hackerone.com/reports/1176461 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* cpe:2.3:a:apache:guacamole:1.3.0:-:*:*:*:*:*:* |
|
CVSS | v2 : v3 : | v2 : 5.0 v3 : 7.5 |
CWE | CWE-909 |
18 Jun 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Jun 2021, 17:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-11 16:15
Updated : 2024-03-27 15:47
NVD link : CVE-2021-22898
Mitre link : CVE-2021-22898
CVE.ORG link : CVE-2021-22898
Products Affected
oracle
- communications_cloud_native_core_binding_support_function
- communications_cloud_native_core_network_slice_selection_function
- essbase
- communications_cloud_native_core_service_communication_proxy
- communications_cloud_native_core_network_function_cloud_native_environment
- communications_cloud_native_core_network_repository_function
- mysql_server
siemens
- sinec_infrastructure_network_services
splunk
- universal_forwarder
fedoraproject
- fedora
debian
- debian_linux
haxx
- curl