CVE-2021-22925

Published: 21 July 2021

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack-based buffer to the server, potentially revealing sensitive internal information to the server over a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.
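A simplified illustration of the bug class described above, added here and not taken from curl's source: a `sscanf()`-parsed pair is formatted into a buffer, and the weak form reports a message length taken from the input string rather than from the bytes actually written. The function names, buffer size, the `'N'`/`'V'` marker bytes and the sample input are assumptions; the buffer is pre-filled with a marker byte so the stale bytes can be counted deterministically.

```c
#include <stdio.h>
#include <string.h>

#define BUFSZ 256
#define STALE 0xAA  /* constructed marker standing in for leftover stack data */

/* Weak form: accepts a partial parse and reports a message length derived
   from the input string instead of from the bytes actually written. */
static size_t build_weak(const char *opt, unsigned char *out)
{
  char name[128] = "", val[128] = "";
  if(sscanf(opt, "%127[^,],%127s", name, val) >= 1)  /* %s stops at whitespace */
    snprintf((char *)out, BUFSZ, "%c%s%c%s", 'N', name, 'V', val);
  return strlen(opt) + 1;                    /* may exceed what was written */
}

/* Hardened form: requires both fields and sends exactly what was formatted. */
static size_t build_strict(const char *opt, unsigned char *out)
{
  char name[128], val[128];
  if(sscanf(opt, "%127[^,],%127s", name, val) != 2)
    return 0;                                /* incomplete pair: send nothing */
  int n = snprintf((char *)out, BUFSZ, "%c%s%c%s", 'N', name, 'V', val);
  return (n > 0 && n < BUFSZ) ? (size_t)n : 0;   /* reject truncated output */
}

/* Counts bytes in the "sent" range that the builder never wrote. */
static size_t stale_in_message(size_t (*build)(const char *, unsigned char *),
                               const char *opt)
{
  unsigned char buf[BUFSZ];
  memset(buf, STALE, sizeof(buf));
  size_t n = build(opt, buf), stale = 0;
  for(size_t i = 0; i < n && i < BUFSZ; i++)
    stale += (buf[i] == STALE);
  return stale;
}

int main(void)
{
  const char *opt = "USER,alice secret";     /* constructed input */
  printf("weak:   %zu stale bytes sent\n", stale_in_message(build_weak, opt));
  printf("strict: %zu stale bytes sent\n", stale_in_message(build_strict, opt));
  return 0;
}
```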

Priority

Medium

CVSS 3 base score: 5.3

Status

| Package | Release | Status |
|---|---|---|
| curl (Launchpad, Ubuntu, Debian) | Upstream | Released (7.78.0) |
| | Ubuntu 21.04 (Hirsute Hippo) | Released (7.74.0-1ubuntu2.1) |
| | Ubuntu 20.04 LTS (Focal Fossa) | Released (7.68.0-1ubuntu2.6) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Released (7.58.0-2ubuntu3.14) |
| | Ubuntu 16.04 ESM (Xenial Xerus) | Needs triage |
| | Ubuntu 14.04 ESM (Trusty Tahr) | Needs triage |