RLSA-2021:4511

Published: 15 Nov 2021
Source: rocky
Severity: Moderate

Description

Moderate: curl security and bug fix update

For more information visit https://errata.rockylinux.org/RLSA-2021:4511

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
|---|---|---|---|
| curl | x86_64 | 22.el8 | curl-7.61.1-22.el8.x86_64.rpm |
| libcurl | i686 | 22.el8 | libcurl-7.61.1-22.el8.i686.rpm |
| libcurl | x86_64 | 22.el8 | libcurl-7.61.1-22.el8.x86_64.rpm |
| libcurl-devel | i686 | 22.el8 | libcurl-devel-7.61.1-22.el8.i686.rpm |
| libcurl-devel | x86_64 | 22.el8 | libcurl-devel-7.61.1-22.el8.x86_64.rpm |
| libcurl-minimal | i686 | 22.el8 | libcurl-minimal-7.61.1-22.el8.i686.rpm |
| libcurl-minimal | x86_64 | 22.el8 | libcurl-minimal-7.61.1-22.el8.x86_64.rpm |

Related CVEs

Related vulnerabilities

CVSS3: 5.3
ubuntu
almost 4 years ago

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server. Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.

CVSS3: 3.1
redhat
almost 4 years ago

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server. Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.

CVSS3: 5.3
nvd
almost 4 years ago

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server. Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.

CVSS3: 5.3
debian
almost 4 years ago

curl supports the `-t` command line option, known as `CURLOPT_TELNETOP ...

CVSS3: 5.3
github
about 3 years ago

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server. Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.