19 matches found
Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017588)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017588 advisory. curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Du...
CLSA-2026-1776847322 curl: Fix of 3 CVEs
CVE-2022-27781: add limit of certificates which can be traversed breaking infinite loop in NSS cert verification - CVE-2023-27533: prevent TELNET option from IAC injection - CVE-2023-27534: fix SFTP path '' resolving discrepancy...
Siemens SIMATIC S7-1500 Missing Initialization of Resource (CVE-2021-22898)
curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on...
Siemens SIMATIC S7-1500 Use of Uninitialized Resource (CVE-2021-22925)
curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based...
curl: TELNET option IAC injection
A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...
CLSA-2023-1681491543 curl: Fix of 3 CVEs
CVE-2023-27533: prevent TELNET option from IAC injection - CVE-2023-27535: fix behavior when FTP too eager connection reuse - CVE-2023-27536: do not reuse connections with different GSS delegations...
Fedora 38 : curl (2023-0de03a9232)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-0de03a9232 advisory. - fix SSH connection too eager reuse still CVE-2023-27538 - fix HSTS double-free CVE-2023-27537 - fix GSS delegation too eager connection re-use...
USN-5964-2 curl vulnerabilities
USN-5964-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing,...
SUSE CVE-2021-22898
curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on...
SUSE CVE-2021-22925
curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based...
curl: TELNET stack contents disclosure
A flaw was found in the way curl handled telnet protocol option for sending environment variables, which could lead to sending of uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text...
OESA-2021-1321 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pai...
AZL-6363 CVE-2021-22925 affecting package curl for versions less than 7.76.0-5
curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based...
AZL-6359 CVE-2021-22898 affecting package curl for versions less than 7.76.0-5
curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on...
DEBIAN-CVE-2021-22898
curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on...
CURL-CVE-2021-22898 TELNET stack contents disclosure
curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack bas...
Zebra and Quagga Remote DoS
A remote DoS exists in Zebra and/or Quagga when sending a telnet option delimiter with no actual option data. An attacker may exploit this flaw to prevent this host from doing proper routing. This affects all versions from 0.90a to 0.93b. OpenVAS Vulnerability Test $Id: zebrados.nasl 6046...
Security Advisory: Cisco IOS Software TELNET Option Handling Vulnerability
Cisco IOS Software TELNET Option Handling Vulnerability. Revision 1.0. For public release Thursday 2000/04/20 at 09:00 AM US/Eastern UTC-0400. Summary: A defect in multiple Cisco IOS software versions will cause a...
Cisco IOS Software TELNET Option Handling Vulnerability
...