Updated: 2023-04-12 20:07:36.417414
Description:
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | LOW | 2.6 |
| CVSS Version 3.x | LOW | 3.1 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | curl | 7.19.7 | 3.1 | LOW | Released | CLSA-2021:1632261872 | 2022-05-05 12:01:02 |
| CentOS 6 ELS | mysql | 5.1.73 | 3.1 | LOW | Not Vulnerable | 2022-04-19 21:50:03 | |
| CentOS 8.4 ELS | curl | 7.61.1 | 3.1 | LOW | Released | CLSA-2022:1643198583 | 2022-04-19 21:49:47 |
| CentOS 8.4 ELS | mysql | 8.0.26 | 3.1 | LOW | Not Vulnerable | 2022-04-19 21:50:03 | |
| CentOS 8.5 ELS | curl | 7.61.1 | 3.1 | LOW | Not Vulnerable | 2022-04-19 21:49:47 | |
| CentOS 8.5 ELS | mysql | 8.0.26 | 3.1 | LOW | Not Vulnerable | 2022-04-19 21:50:04 | |
| CloudLinux 6 ELS | curl | 7.19.7 | 3.1 | LOW | Released | 2022-04-19 21:49:47 | |
| CloudLinux 6 ELS | mysql | 5.1.73 | 3.1 | LOW | Not Vulnerable | 2022-04-19 21:50:03 | |
| Oracle Linux 6 ELS | curl | 7.19.7 | 3.1 | LOW | Released | 2022-04-19 21:49:47 | |
| Oracle Linux 6 ELS | mysql | 5.1.73 | 3.1 | LOW | Not Vulnerable | 2022-04-19 21:50:03 |