CVE-2021-22898

Updated: 2024-11-24 05:26:57.907377

Description:

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass uninitialized data from a stack-based buffer to the server, potentially revealing sensitive internal information to the server over a clear-text network protocol.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | LOW | 2.6 |
| CVSS Version 3.x | LOW | 3.1 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | curl | 7.76.1 | 3.1 | LOW | Ignored | | 2023-11-08 04:08:05 | |
| CentOS 6 ELS | curl | 7.19.7 | 3.1 | LOW | Released | CLSA-2021:1632261872 | 2022-05-05 12:01:02 | |
| CentOS 6 ELS | mysql | 5.1.73 | 3.1 | LOW | Not Vulnerable | | 2022-04-19 21:50:03 | |
| CentOS 7 ELS | curl | 7.29.0 | 3.1 | LOW | Ignored | | 2023-09-19 09:30:32 | |
| CentOS 8.4 ELS | curl | 7.61.1 | 3.1 | LOW | Released | CLSA-2022:1643198583 | 2022-04-19 21:49:47 | |
| CentOS 8.4 ELS | mysql | 8.0.26 | 3.1 | LOW | Not Vulnerable | | 2022-04-19 21:50:03 | |
| CentOS 8.5 ELS | mysql | 8.0.26 | 3.1 | LOW | Not Vulnerable | | 2022-04-19 21:50:04 | |
| CentOS 8.5 ELS | curl | 7.61.1 | 3.1 | LOW | Not Vulnerable | | 2022-04-19 21:49:47 | |
| CloudLinux 6 ELS | mysql | 5.1.73 | 3.1 | LOW | Not Vulnerable | | 2022-04-19 21:50:03 | |
| CloudLinux 6 ELS | curl | 7.19.7 | 3.1 | LOW | Released | | 2022-04-19 21:49:47 | |
Total: 16