Lucene search
Redhat.comRH:CVE-2021-22925HistoryJul 21, 2021 - 9:20 a.m.
CVE-2021-22925
2021-07-2109:20:15
redhat.com
access.redhat.com
23
0.003 Low
EPSS
Percentile
69.3%
A flaw was found in the way curl handled telnet protocol option for sending environment variables, which could lead to sending of uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text network protocol.
Mitigation
This issue can be avoided by not setting any telnet options for the curl command line tool (using the -t / --telnet-option command line option) or the libcurl library (using the CURLOPT_TELNETOPTIONS option) when telnet protocol is not meant to be used.
If telnet protocol needs to be used with curl / libcurl, along with the NEW_ENV telnet option, ensure that no environment variable set via the NEW_ENV option has the name or value longer than 127 bytes.
Related
nessus
nessus
EulerOS Virtualization 3.0.2.6 : curl (EulerOS-SA-2021-2894)
2022-01-06 00:00:00
Ubuntu 16.04 ESM : curl vulnerability (USN-5021-2)
2022-01-20 00:00:00
EulerOS Virtualization 3.0.6.6 : curl (EulerOS-SA-2022-1116)
2022-02-12 00:00:00
veracode
veracode
Information Disclosure
2021-07-22 05:50:58
Information Disclosure
2021-05-28 12:59:20
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2656)
2021-11-12 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2827)
2021-12-30 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1116)
2022-02-13 00:00:00
osv
osv
curl vulnerability
2022-01-20 11:40:36
Moderate: curl security and bug fix update
2021-11-09 09:38:13
Moderate: curl security and bug fix update
2021-11-09 09:38:13
ubuntucve
ubuntucve
CVE-2021-22925
2021-07-21 00:00:00
CVE-2021-22898
2021-05-26 00:00:00
hackerone
hackerone
curl: CVE-2021-22925: TELNET stack contents disclosure again
2021-06-11 12:15:31
curl: CVE-2021-22898: TELNET stack contents disclosure
2021-04-27 09:49:43
ubuntu
ubuntu
curl vulnerability
2022-01-20 00:00:00
oraclelinux
oraclelinux
curl security and bug fix update
2021-11-16 00:00:00
cloudfoundry
cloudfoundry
USN-5021-1: curl vulnerabilities | Cloud Foundry
2021-09-07 00:00:00
almalinux
almalinux
Moderate: curl security and bug fix update
2021-11-09 09:38:13
redhat
redhat
(RHSA-2021:4511) Moderate: curl security and bug fix update
2021-11-09 09:38:13
(RHSA-2022:0318) Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update
2022-01-27 16:46:55
(RHSA-2021:4032) Low: Openshift Logging 5.2.3 bug fix and security update
2021-11-17 03:27:52
archlinux
archlinux
[ASA-202107-64] lib32-libcurl-gnutls: multiple issues
2021-07-21 00:00:00
[ASA-202107-60] lib32-curl: multiple issues
2021-07-21 00:00:00
[ASA-202107-63] libcurl-gnutls: multiple issues
2021-07-21 00:00:00
rocky
rocky
curl security and bug fix update
2021-11-09 09:38:13
prion
prion
Stack overflow
2021-06-11 16:15:00
Stack overflow
2021-08-05 21:15:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-22898
2021-09-21 22:04:32
Fix of CVE: CVE-2021-22925
2021-09-21 22:05:44
ibm
ibm
cbl_mariner
cbl_mariner
CVE-2021-22925 affecting package curl for versions less than 7.76.0-5
2022-04-09 06:51:45
CVE-2021-22925 affecting package curl 7.76.0-9
2021-08-11 06:39:26
CVE-2021-22898 affecting package curl for versions less than 7.76.0-5
2022-04-09 06:51:45
alpinelinux
alpinelinux
CVE-2021-22925
2021-08-05 21:15:11
CVE-2021-22898
2021-06-11 16:15:11
cve
cve
CVE-2021-22925
2021-08-05 21:15:11
CVE-2021-22898
2021-06-11 16:15:11
cvelist
cvelist
CVE-2021-22925
2021-08-05 00:00:00
CVE-2021-22898
2021-06-11 15:49:37
amazon
amazon
debiancve
debiancve
CVE-2021-22925
2021-08-05 21:15:00
CVE-2021-22898
2021-06-11 16:15:11
f5
f5
K22415133 : cURL vulnerability CVE-2021-22898
2021-10-12 00:00:00
mageia
mageia
Updated curl packages fix a security vulnerability
2021-06-09 00:45:12
Updated curl packages fix security vulnerabilities
2021-07-27 23:21:53
redhatcve
redhatcve
CVE-2021-22898
2021-05-26 09:45:53
fedora
fedora
[SECURITY] Fedora 33 Update: curl-7.71.1-10.fc33
2021-08-07 01:14:48
[SECURITY] Fedora 34 Update: curl-7.76.1-3.fc34
2021-05-28 01:01:28
[SECURITY] Fedora 33 Update: curl-7.71.1-11.fc33
2021-10-02 01:10:15
photon
photon
gentoo
gentoo
cURL: Multiple vulnerabilities
2021-05-26 00:00:00
slackware
slackware
[slackware-security] curl
2021-07-21 18:22:03
freebsd
freebsd
cURL -- Multiple vulnerabilities
2021-07-21 00:00:00
debian
debian
[SECURITY] [DSA 5197-1] curl security update
2022-08-01 16:58:44