Lucene search

K
cve[email protected]CVE-2021-22898
HistoryJun 11, 2021 - 4:15 p.m.

CVE-2021-22898

2021-06-1116:15:11
CWE-200
CWE-909
web.nvd.nist.gov
309
20
cve-2021-22898
curl
information disclosure
libcurl
telnetoptions
nvd
stack buffer
network protocol

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.002

Percentile

58.3%

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

Affected configurations

NVD
Node
haxxcurlRange7.77.76.1
Node
debiandebian_linuxMatch9.0
Node
fedoraprojectfedoraMatch33
OR
fedoraprojectfedoraMatch34
Node
oraclecommunications_cloud_native_core_binding_support_functionMatch1.11.0
OR
oraclecommunications_cloud_native_core_network_function_cloud_native_environmentMatch1.10.0
OR
oraclecommunications_cloud_native_core_network_repository_functionMatch1.15.0
OR
oraclecommunications_cloud_native_core_network_repository_functionMatch1.15.1
OR
oraclecommunications_cloud_native_core_network_slice_selection_functionMatch1.8.0
OR
oraclecommunications_cloud_native_core_service_communication_proxyMatch1.15.0
OR
oracleessbaseRange<11.1.2.4.047
OR
oracleessbaseRange21.021.3
OR
oraclemysql_serverRange<5.7.34
OR
oraclemysql_serverRange8.0.158.0.25
Node
siemenssinec_infrastructure_network_servicesRange<1.0.1.1
Node
splunkuniversal_forwarderRange8.2.08.2.12
OR
splunkuniversal_forwarderRange9.0.09.0.6
OR
splunkuniversal_forwarderMatch9.1.0
VendorProductVersionCPE
haxxcurlcpe:/a:haxx:curl::::

CNA Affected

[
  {
    "product": "https://github.com/curl/curl",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "7.7 through 7.76.1"
      }
    ]
  }
]

References

Social References

More

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.002

Percentile

58.3%