CVE-2021-22898

Published: 11 Jun 2021
Source: ubuntu
Priority: low
CVSS2: 2.6
CVSS3: 3.1

Description

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

| Release | Status | Note |
|---|---|---|
| bionic | released | 7.58.0-2ubuntu3.14 |
| devel | released | 7.74.0-1.2ubuntu4 |
| esm-infra-legacy/trusty | not-affected | 7.35.0-1ubuntu2.20+esm14 |
| esm-infra/bionic | not-affected | 7.58.0-2ubuntu3.14 |
| esm-infra/focal | not-affected | 7.68.0-1ubuntu2.6 |
| esm-infra/xenial | released | 7.47.0-1ubuntu2.19+esm3 |
| focal | released | 7.68.0-1ubuntu2.6 |
| groovy | ignored | end of life |
| hirsute | released | 7.74.0-1ubuntu2.1 |
| impish | released | 7.74.0-1.2ubuntu4 |

CVSS2: 2.6 Low
CVSS3: 3.1 Low

Related vulnerabilities

CVSS3: 3.1
redhat
about 4 years ago

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

CVSS3: 3.1
nvd
about 4 years ago

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

CVSS3: 3.1
msrc
almost 4 years ago

No description available

CVSS3: 3.1
debian
about 4 years ago

curl 7.7 through 7.76.1 suffers from an information disclosure when th ...

suse-cvrf
almost 4 years ago

Security update for curl
