Information Disclosure

2021-05-2812:59:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

JSON

A security issue has been found in curl before version 7.77.0. curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server. Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol.

CPENameOperatorVersion
curl:3.11eq7.67.0-r3
curl:3.11eq7.67.0-r0
curl:3.10eq7.66.0-r0
curl:3.10eq7.66.0-r3
curl:edgeeq7.69.1-r0
curl:edgeeq7.69.0-r0
curl:edgeeq7.76.0-r0
curl:edgeeq7.76.1-r0
curl:edgeeq7.75.0-r0
curl:edgeeq7.68.0-r0

Name	Operator	Version
curl:3.11	eq	7.67.0-r3
curl:3.11	eq	7.67.0-r0
curl:3.10	eq	7.66.0-r0
curl:3.10	eq	7.66.0-r3
curl:edge	eq	7.69.1-r0
curl:edge	eq	7.69.0-r0
curl:edge	eq	7.76.0-r0
curl:edge	eq	7.76.1-r0
curl:edge	eq	7.75.0-r0
curl:edge	eq	7.68.0-r0