CVE-2021-22925
05.08.2021, 21:15
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| haxx | curl | 7.7 ≤ 𝑥 < 7.78.0 |
| netapp | cloud_backup | - |
| netapp | clustered_data_ontap | - |
| netapp | hci_management_node | - |
| netapp | solidfire | - |
| apple | mac_os_x | 10.15.7 |
| apple | mac_os_x | 10.15.7:security_update_2021-001 |
| apple | mac_os_x | 10.15.7:security_update_2021-002 |
| apple | mac_os_x | 10.15.7:security_update_2021-003 |
| apple | mac_os_x | 10.15.7:security_update_2021-004 |
| apple | macos | 11.0 |
| apple | macos | 11.0.1 |
| apple | macos | 11.1 |
| apple | macos | 11.1.0 |
| apple | macos | 11.2 |
| apple | macos | 11.2.1 |
| apple | macos | 11.3 |
| apple | macos | 11.3.1 |
| apple | macos | 11.4 |
| apple | macos | 11.5 |
| oracle | mysql_server | 5.7.0 ≤ 𝑥 ≤ 5.7.35 |
| oracle | mysql_server | 8.0.0 ≤ 𝑥 ≤ 8.0.26 |
| oracle | peoplesoft_enterprise_peopletools | 8.57 |
| oracle | peoplesoft_enterprise_peopletools | 8.58 |
| oracle | peoplesoft_enterprise_peopletools | 8.59 |
| siemens | sinec_infrastructure_network_services | 𝑥 < 1.0.1.1 |
| siemens | sinema_remote_connect_server | 𝑥 < 3.1 |
| netapp | h300s_firmware | - |
| netapp | h500s_firmware | - |
| netapp | h700s_firmware | - |
| netapp | h300e_firmware | - |
| netapp | h500e_firmware | - |
| netapp | h700e_firmware | - |
| netapp | h410s_firmware | - |
| splunk | universal_forwarder | 8.2.0 ≤ 𝑥 < 8.2.12 |
| splunk | universal_forwarder | 9.0.0 ≤ 𝑥 < 9.0.6 |
| splunk | universal_forwarder | 9.1.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| curl |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| curl |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| libcurl-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| libcurl4 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| libcurl4-32bit |
|
Red Hat Enterprise Linux Releases
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-908 - Use of Uninitialized ResourceThe software uses or accesses a resource that has not been initialized.
References