Lucene search
HackeroneCVELIST:CVE-2021-22925HistoryAug 05, 2021 - 12:00 a.m.
CVE-2021-22925
2021-08-0500:00:00
CWE-200
hackerone
www.cve.org
8
curl
command line
option parser
stack-based buffer
uninitialized data
network protocol
vulnerability
curl supports the -t command line option, known as CURLOPT_TELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEW_ENV variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
CNA Affected
[
{
"vendor": "n/a",
"product": "https://github.com/curl/curl",
"versions": [
{
"version": "curl 7.7 to and including 7.77.0",
"status": "affected"
}
]
}
]References
seclists.org/fulldisclosure/2021/Sep/39
seclists.org/fulldisclosure/2021/Sep/40
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
hackerone.com/reports/1223882
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
security.gentoo.org/glsa/202212-01
security.netapp.com/advisory/ntap-20210902-0003/
support.apple.com/kb/HT212804
support.apple.com/kb/HT212805
www.oracle.com/security-alerts/cpujan2022.html
www.oracle.com/security-alerts/cpuoct2021.html
Related
nessus
nessus
EulerOS 2.0 SP5 : curl (EulerOS-SA-2021-2656)
2021-11-11 00:00:00
EulerOS Virtualization 3.0.2.0 : curl (EulerOS-SA-2021-2827)
2021-12-29 00:00:00
EulerOS Virtualization 3.0.2.6 : curl (EulerOS-SA-2021-2894)
2022-01-06 00:00:00
alpinelinux
alpinelinux
CVE-2021-22925
2021-08-05 21:15:11
ibm
ibm
Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by a vulnerability in libcurl (CVE-2021-22925)
2021-10-04 15:42:39
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22925)
2022-04-22 14:30:11
Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC
2021-11-01 20:13:42
cbl_mariner
cbl_mariner
CVE-2021-22925 affecting package curl for versions less than 7.76.0-5
2022-04-09 06:51:45
CVE-2021-22925 affecting package curl 7.76.0-9
2021-08-11 06:39:26
nvd
nvd
CVE-2021-22925
2021-08-05 21:15:11
osv
osv
CVE-2021-22925
2021-08-05 21:15:11
curl vulnerability
2022-01-20 11:40:36
curl vulnerabilities
2021-07-22 18:17:55
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-22925
2021-09-21 22:05:44
cve
cve
CVE-2021-22925
2021-08-05 21:15:11
prion
prion
Stack overflow
2021-08-05 21:15:00
debiancve
debiancve
CVE-2021-22925
2021-08-05 21:15:11
veracode
veracode
Information Disclosure
2021-07-22 05:50:58
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2656)
2021-11-12 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2827)
2021-12-30 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1116)
2022-02-13 00:00:00
redhatcve
redhatcve
CVE-2021-22925
2021-07-21 09:20:15
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-2.0-0372
2021-07-23 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-1.0-0417
2021-07-23 00:00:00
Low Photon OS Security Update - PHSA-2021-0417
2021-07-23 00:00:00
ubuntu
ubuntu
curl vulnerability
2022-01-20 00:00:00
curl vulnerabilities
2023-02-27 00:00:00
curl vulnerabilities
2021-07-22 00:00:00
hackerone
hackerone
curl: CVE-2021-22925: TELNET stack contents disclosure again
2021-06-11 12:15:31
ubuntucve
ubuntucve
CVE-2021-22925
2021-07-21 00:00:00
archlinux
archlinux
[ASA-202107-64] lib32-libcurl-gnutls: multiple issues
2021-07-21 00:00:00
[ASA-202107-60] lib32-curl: multiple issues
2021-07-21 00:00:00
[ASA-202107-63] libcurl-gnutls: multiple issues
2021-07-21 00:00:00
redhat
redhat
(RHSA-2021:4511) Moderate: curl security and bug fix update
2021-11-09 09:38:13
(RHSA-2022:0434) Moderate: Release of OpenShift Serverless 1.20.0
2022-02-03 17:07:25
(RHSA-2021:4032) Low: Openshift Logging 5.2.3 bug fix and security update
2021-11-17 03:27:52
rocky
rocky
curl security and bug fix update
2021-11-09 09:38:13
cloudfoundry
cloudfoundry
USN-5021-1: curl vulnerabilities | Cloud Foundry
2021-09-07 00:00:00
oraclelinux
oraclelinux
curl security and bug fix update
2021-11-16 00:00:00
almalinux
almalinux
Moderate: curl security and bug fix update
2021-11-09 09:38:13
suse
suse
Security update for curl (moderate)
2021-07-24 00:00:00
Security update for curl (moderate)
2021-07-21 00:00:00
mageia
mageia
Updated curl packages fix security vulnerabilities
2021-07-27 23:21:53
fedora
fedora
[SECURITY] Fedora 33 Update: curl-7.71.1-10.fc33
2021-08-07 01:14:48
[SECURITY] Fedora 34 Update: curl-7.76.1-7.fc34
2021-07-23 01:06:01
[SECURITY] Fedora 34 Update: curl-7.76.1-12.fc34
2021-09-21 15:33:29
amazon
amazon
Medium: curl
2021-09-08 23:35:00
slackware
slackware
[slackware-security] curl
2021-07-21 18:22:03
freebsd
freebsd
cURL -- Multiple vulnerabilities
2021-07-21 00:00:00
apple
apple
About the security content of Security Update 2021-005 Catalina
2021-09-13 00:00:00
About the security content of macOS Big Sur 11.6
2021-09-13 00:00:00
gentoo
gentoo
curl: Multiple Vulnerabilities
2022-12-19 00:00:00
ics
ics
Siemens SINEMA Remote Connect Server
2022-06-16 12:00:00
Siemens SINEC INS
2022-03-10 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00