CVE-2021-22925
moderate-risk
Published 2021-08-05
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
Do I need to act?
-
0.42% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
NETWORK
/ LOW complexity
Affected Products (20)
References (24)
Mailing List
http://seclists.org/fulldisclosure/2021/Sep/39
Mailing List
http://seclists.org/fulldisclosure/2021/Sep/40
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
Third Party Advisory
https://security.gentoo.org/glsa/202212-01
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210902-0003/
Third Party Advisory
https://support.apple.com/kb/HT212804
Third Party Advisory
https://support.apple.com/kb/HT212805
Mailing List
http://seclists.org/fulldisclosure/2021/Sep/39
Mailing List
http://seclists.org/fulldisclosure/2021/Sep/40
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
Third Party Advisory
https://security.gentoo.org/glsa/202212-01
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210902-0003/
and 4 more references
46
/ 100
moderate-risk
Severity
21/34 · High
Exploitability
2/34 · Minimal
Exposure
23/34 · High