CVE-2021-22898

2021-05-2600:00:00

ubuntu.com

0.002 Low

EPSS

Percentile

58.1%

JSON

curl 7.7 through 7.76.1 suffers from an information disclosure when the
-t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is
used to send variable=content pairs to TELNET servers. Due to a flaw in the
option parser for sending NEW_ENV variables, libcurl could be made to pass
on uninitialized data from a stack based buffer to the server, resulting in
potentially revealing sensitive internal information to the server using a
clear-text network protocol.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchcurl< 7.58.0-2ubuntu3.14UNKNOWN
ubuntu20.04noarchcurl< 7.68.0-1ubuntu2.6UNKNOWN
ubuntu21.04noarchcurl< 7.74.0-1ubuntu2.1UNKNOWN
ubuntu21.10noarchcurl< 7.74.0-1.2ubuntu4UNKNOWN
ubuntu22.04noarchcurl< 7.74.0-1.2ubuntu4UNKNOWN
ubuntu22.10noarchcurl< 7.74.0-1.2ubuntu4UNKNOWN
ubuntu23.04noarchcurl< 7.74.0-1.2ubuntu4UNKNOWN
ubuntu14.04noarchcurl< 7.35.0-1ubuntu2.20+esm14UNKNOWN
ubuntu16.04noarchcurl< 7.47.0-1ubuntu2.19+esm3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	curl	< 7.58.0-2ubuntu3.14	UNKNOWN
ubuntu	20.04	noarch	curl	< 7.68.0-1ubuntu2.6	UNKNOWN
ubuntu	21.04	noarch	curl	< 7.74.0-1ubuntu2.1	UNKNOWN
ubuntu	21.10	noarch	curl	< 7.74.0-1.2ubuntu4	UNKNOWN
ubuntu	22.04	noarch	curl	< 7.74.0-1.2ubuntu4	UNKNOWN
ubuntu	22.10	noarch	curl	< 7.74.0-1.2ubuntu4	UNKNOWN
ubuntu	23.04	noarch	curl	< 7.74.0-1.2ubuntu4	UNKNOWN
ubuntu	14.04	noarch	curl	< 7.35.0-1ubuntu2.20+esm14	UNKNOWN
ubuntu	16.04	noarch	curl	< 7.47.0-1ubuntu2.19+esm3	UNKNOWN