CVE-2021-22925

Vulnerability Summary

A flaw has been found in curl. The fix for CVE-2021-22898 doesn't remedy the vulnerability. Because of a flaw in the option parser for sending NEW_ENV variables, libcurl can pass uninitialized data from a stack-based buffer to the server. This can reveal sensitive internal information to the server over a clear-text network protocol. The highest threat from this vulnerability is to confidentiality.


Vendor Advisories

A security issue has been found in curl before version 7.78.0. curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl before version 7.78.0 could be made to pass on u ...
Arch Linux Security Advisory ASA-202107-61
Severity: Medium
Date: 2021-07-21
CVE-ID: CVE-2021-22924 CVE-2021-22925
Package: libcurl-compat
Type: multiple issues
Remote: Yes
Link: security.archlinux.org/AVG-2196
Summary: The package libcurl-compat before version 7.78.0-1 i ...

Arch Linux Security Advisory ASA-202107-60
Severity: Medium
Date: 2021-07-21
CVE-ID: CVE-2021-22924 CVE-2021-22925
Package: lib32-curl
Type: multiple issues
Remote: Yes
Link: security.archlinux.org/AVG-2195
Summary: The package lib32-curl before version 7.78.0-1 is vulner ...

Arch Linux Security Advisory ASA-202107-64
Severity: Medium
Date: 2021-07-21
CVE-ID: CVE-2021-22924 CVE-2021-22925
Package: lib32-libcurl-gnutls
Type: multiple issues
Remote: Yes
Link: security.archlinux.org/AVG-2199
Summary: The package lib32-libcurl-gnutls before versio ...

Arch Linux Security Advisory ASA-202107-62
Severity: Medium
Date: 2021-07-21
CVE-ID: CVE-2021-22924 CVE-2021-22925
Package: lib32-libcurl-compat
Type: multiple issues
Remote: Yes
Link: security.archlinux.org/AVG-2197
Summary: The package lib32-libcurl-compat before versio ...

Arch Linux Security Advisory ASA-202107-63
Severity: Medium
Date: 2021-07-21
CVE-ID: CVE-2021-22924 CVE-2021-22925
Package: libcurl-gnutls
Type: multiple issues
Remote: Yes
Link: security.archlinux.org/AVG-2198
Summary: The package libcurl-gnutls before version 7.78.0-1 i ...

Arch Linux Security Advisory ASA-202107-59
Severity: Medium
Date: 2021-07-21
CVE-ID: CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925
Package: curl
Type: multiple issues
Remote: Yes
Link: security.archlinux.org/AVG-2194
Summary: The package curl before version ...

Mailing Lists

TELNET stack contents disclosure again
======================================

Project curl Security Advisory, July 21st 2021 - [Permalink](curl.se/docs/CVE-2021-22925.html)

VULNERABILITY
-------------

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable= ...