Lucene search

K
osvGoogleOSV:USN-5021-1
HistoryJul 22, 2021 - 6:17 p.m.

curl vulnerabilities

2021-07-2218:17:55
Google
osv.dev
42
curl
telnet
connection
vulnerability
sensitive information
remote server
software

AI Score

6.7

Confidence

Low

EPSS

0.004

Percentile

74.4%

Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled
TELNET connections when the -t option was used on the command line.
Uninitialized data possibly containing sensitive information could be sent
to the remote server, contrary to expectations. (CVE-2021-22898,
CVE-2021-22925)

Harry Sintonen discovered that curl incorrectly reused connections in the
connection pool. This could result in curl reusing the wrong connections.
(CVE-2021-22924)