Updated: 2024-11-24 05:26:57.907377
Description:
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | LOW | 2.6 |
CVSS Version 3.x | LOW | 3.1 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | curl | 7.76.1 | 3.1 | LOW | Ignored | 2023-11-08 04:08:05 | ||
CentOS 6 ELS | curl | 7.19.7 | 3.1 | LOW | Released | CLSA-2021:1632261872 | 2022-05-05 12:01:02 | |
CentOS 6 ELS | mysql | 5.1.73 | 3.1 | LOW | Not Vulnerable | 2022-04-19 21:50:03 | ||
CentOS 7 ELS | curl | 7.29.0 | 3.1 | LOW | Ignored | 2023-09-19 09:30:32 | ||
CentOS 8.4 ELS | curl | 7.61.1 | 3.1 | LOW | Released | CLSA-2022:1643198583 | 2022-04-19 21:49:47 | |
CentOS 8.4 ELS | mysql | 8.0.26 | 3.1 | LOW | Not Vulnerable | 2022-04-19 21:50:03 | ||
CentOS 8.5 ELS | mysql | 8.0.26 | 3.1 | LOW | Not Vulnerable | 2022-04-19 21:50:04 | ||
CentOS 8.5 ELS | curl | 7.61.1 | 3.1 | LOW | Not Vulnerable | 2022-04-19 21:49:47 | ||
CloudLinux 6 ELS | mysql | 5.1.73 | 3.1 | LOW | Not Vulnerable | 2022-04-19 21:50:03 | ||
CloudLinux 6 ELS | curl | 7.19.7 | 3.1 | LOW | Released | 2022-04-19 21:49:47 |