Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-22925

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.

Published

2021-08-05T21:15:11.467

Last Modified

2024-11-21T05:50:55.860

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-200
Type: Primary
CWE-908

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	haxx	curl	< 7.78.0	Yes
Operating System	fedoraproject	fedora	33	Yes
Application	netapp	cloud_backup	-	Yes
Application	netapp	clustered_data_ontap	-	Yes
Application	netapp	hci_management_node	-	Yes
Application	netapp	solidfire	-	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	macos	11.0	Yes
Operating System	apple	macos	11.0.1	Yes
Operating System	apple	macos	11.1	Yes
Operating System	apple	macos	11.1.0	Yes
Operating System	apple	macos	11.2	Yes
Operating System	apple	macos	11.2.1	Yes
Operating System	apple	macos	11.3	Yes
Operating System	apple	macos	11.3.1	Yes
Operating System	apple	macos	11.4	Yes
Operating System	apple	macos	11.5	Yes
Application	oracle	mysql_server	≤ 5.7.35	Yes
Application	oracle	mysql_server	≤ 8.0.26	Yes
Application	oracle	peoplesoft_enterprise_peopletools	8.57	Yes
Application	oracle	peoplesoft_enterprise_peopletools	8.58	Yes
Application	oracle	peoplesoft_enterprise_peopletools	8.59	Yes
Application	siemens	sinec_infrastructure_network_services	< 1.0.1.1	Yes
Application	siemens	sinema_remote_connect_server	< 3.1	Yes
Operating System	netapp	h300s_firmware	-	Yes
Hardware	netapp	h300s	-	No
Operating System	netapp	h500s_firmware	-	Yes
Hardware	netapp	h500s	-	No
Operating System	netapp	h700s_firmware	-	Yes
Hardware	netapp	h700s	-	No
Operating System	netapp	h300e_firmware	-	Yes
Hardware	netapp	h300e	-	No
Operating System	netapp	h500e_firmware	-	Yes
Hardware	netapp	h500e	-	No
Operating System	netapp	h700e_firmware	-	Yes
Hardware	netapp	h700e	-	No
Operating System	netapp	h410s_firmware	-	Yes
Hardware	netapp	h410s	-	No
Application	splunk	universal_forwarder	< 8.2.12	Yes
Application	splunk	universal_forwarder	< 9.0.6	Yes
Application	splunk	universal_forwarder	9.1.0	Yes

References

http://seclists.org/fulldisclosure/2021/Sep/39 Mailing List, Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2021/Sep/40 Mailing List, Third Party Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Patch, Third Party Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf Third Party Advisory ([email protected])
https://hackerone.com/reports/1223882 Exploit, Issue Tracking, Patch, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/ Mailing List, Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/202212-01 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20210902-0003/ Third Party Advisory ([email protected])
https://support.apple.com/kb/HT212804 Third Party Advisory ([email protected])
https://support.apple.com/kb/HT212805 Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujan2022.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuoct2021.html Patch, Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2021/Sep/39 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2021/Sep/40 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1223882 Exploit, Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202212-01 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210902-0003/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT212804 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT212805 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2021.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)