Updated: 2026-02-27 00:16:56.389159
Description:
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.
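The bug class described above, as an added C illustration (not curl's source code): a builder that takes its send length from the input string rather than from what `sscanf()` actually parsed, next to a checked version. The `NAME,VALUE` input format, the function names and the `0xAA` fill standing in for stale stack contents are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#define ENV_VAR   0     /* RFC 1572 NEW-ENVIRON "VAR" code */
#define ENV_VALUE 1     /* RFC 1572 NEW-ENVIRON "VALUE" code */
#define STALE     0xAA  /* constructed marker standing in for stale stack bytes */

/* Count marker bytes inside the region that would be sent to the server. */
static size_t stale_bytes(const unsigned char *buf, size_t len)
{
  size_t i, n = 0;
  for(i = 0; i < len; i++) n += (buf[i] == STALE);
  return n;
}

/* Flawed pattern: send length is derived from the input, not from the output. */
static size_t build_flawed(const char *opt, unsigned char *out, size_t outsz)
{
  char name[128], val[128];
  memset(out, STALE, outsz);
  if(strlen(opt) + 1 >= outsz ||
     sscanf(opt, "%127[^,],%127s", name, val) != 2)
    return 0;
  snprintf((char *)out, outsz, "%c%s%c%s", ENV_VAR, name, ENV_VALUE, val);
  return strlen(opt) + 1;   /* BUG: may exceed the bytes actually written */
}

/* Checked pattern: act on sscanf()'s result, take the length from snprintf(). */
static size_t build_checked(const char *opt, unsigned char *out, size_t outsz)
{
  char name[128], sep[2] = "", val[128] = "";  /* optional field initialised */
  int rv, n;
  memset(out, STALE, outsz);
  rv = sscanf(opt, "%127[^,]%1[,]%127s", name, sep, val);
  if(rv < 1) return 0;      /* no variable name parsed: send nothing */
  if(rv == 1)
    n = snprintf((char *)out, outsz, "%c%s", ENV_VAR, name);
  else
    n = snprintf((char *)out, outsz, "%c%s%c%s", ENV_VAR, name, ENV_VALUE, val);
  return (n < 0 || (size_t)n >= outsz) ? 0 : (size_t)n;
}

int main(void)
{
  unsigned char b[256];     /* "USER,alice secret" is constructed input */
  size_t n = build_flawed("USER,alice secret", b, sizeof(b));
  printf("flawed:  len=%zu stale=%zu\n", n, stale_bytes(b, n));
  n = build_checked("USER,alice secret", b, sizeof(b));
  printf("checked: len=%zu stale=%zu\n", n, stale_bytes(b, n));
}
```

`%127s` stops at the first whitespace, so the flawed builder counts bytes it never wrote; the checked builder reports only the bytes `snprintf()` produced.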
| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 5.0 |
| CVSS Version 3.x | MEDIUM | 5.3 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | curl | 7.76.1 | 5.3 | MEDIUM | Ignored | | 2023-11-08 04:08:08 | This issue only triggers when curl/libcurl is explicitly used with the legacy telnet:// protocol and... |
| CentOS 6 ELS | mysql | 5.1.73 | 5.3 | MEDIUM | Ignored | | 2022-07-18 11:44:12 | Ignored due to low severity |
| CentOS 6 ELS | curl | 7.19.7 | 5.3 | MEDIUM | Released | CLSA-2021:1632261944 | 2022-05-05 12:01:07 | Ignored due to low severity |
| CentOS 7 ELS | curl | 7.29.0 | 5.3 | MEDIUM | Ignored | | 2023-09-19 09:30:33 | Ignored due to low severity |
| CentOS 8.4 ELS | curl | 7.61.1 | 5.3 | MEDIUM | Released | CLSA-2022:1643198583 | 2022-03-10 14:51:08 | CVE-2021-22925 is limited to curl/libcurl 7.7–7.77.0 when the TELNET-specific option parser (CURLO... |
| CentOS 8.4 ELS | mysql | 8.0.26 | 5.3 | MEDIUM | Not Vulnerable | | 2022-03-10 14:51:23 | CVE-2021-22925 is limited to curl/libcurl 7.7–7.77.0 when the TELNET-specific option parser (CURLO... |
| CentOS 8.5 ELS | mysql | 8.0.26 | 5.3 | MEDIUM | Not Vulnerable | | 2022-03-10 14:51:23 | CVE-2021-22925 is limited to curl/libcurl 7.7–7.77.0 when the TELNET-specific option parser (CURLO... |
| CentOS 8.5 ELS | curl | 7.61.1 | 5.3 | MEDIUM | Not Vulnerable | | 2022-03-10 14:51:08 | CVE-2021-22925 is limited to curl/libcurl 7.7–7.77.0 when the TELNET-specific option parser (CURLO... |
| CloudLinux 6 ELS | curl | 7.19.7 | 5.3 | MEDIUM | Released | | 2022-03-10 14:51:08 | Ignored due to low severity |
| CloudLinux 6 ELS | mysql | 5.1.73 | 5.3 | MEDIUM | Ignored | | 2022-07-18 11:44:12 | Ignored due to low severity |