Your submission was sent successfully! Close

CVE-2021-22925

Published: 21 July 2021

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.

Notes

AuthorNote
mdeslaur
caused by incomplete fix for CVE-2021-22898
Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
curl
Launchpad, Ubuntu, Debian
bionic
Released (7.58.0-2ubuntu3.14)
focal
Released (7.68.0-1ubuntu2.6)
groovy Ignored
(reached end-of-life)
hirsute
Released (7.74.0-1ubuntu2.1)
impish
Released (7.74.0-1.2ubuntu4)
jammy
Released (7.74.0-1.2ubuntu4)
kinetic
Released (7.74.0-1.2ubuntu4)
trusty Needed

upstream
Released (7.78.0)
xenial
Released (7.47.0-1ubuntu2.19+esm3)