Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2021-22925

Published: 05/08/2021 Updated: 27/03/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Curl

Vulnerability Summary

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

haxx curl

fedoraproject fedora 33

netapp cloud backup -

netapp clustered data ontap -

netapp solidfire -

netapp hci management node -

apple macos 11.0

apple mac os x 10.15.7

apple macos 11.0.1

apple macos 11.1

apple macos 11.1.0

apple macos 11.2

apple macos 11.2.1

apple macos 11.3

apple macos 11.3.1

apple macos 11.4

apple macos 11.5

oracle peoplesoft enterprise peopletools 8.57

oracle peoplesoft enterprise peopletools 8.58

oracle peoplesoft enterprise peopletools 8.59

oracle mysql server

siemens sinec infrastructure network services

siemens sinema remote connect server

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h300e_firmware -

netapp h500e_firmware -

netapp h700e_firmware -

netapp h410s_firmware -

splunk universal forwarder 9.1.0

splunk universal forwarder

Vendor Advisories

Red Hat: Moderate: Gatekeeper Operator v0.2 security updates and bug fixes
Synopsis Moderate: Gatekeeper Operator v02 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Gatekeeper Operator v02Red Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available f ...
Red Hat: Important: Red Hat OpenShift GitOps security update
Synopsis Important: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Important Topic An update for openshift-gitops-applicationset-container, openshift-gitops-container, openshift-gitops-kam-delivery-container, and openshift-gitops-operator-container is now available for Red Hat OpenShift GitOps 12 (GitOps v122)Re ...
Red Hat: Moderate: Release of OpenShift Serverless 1.20.0
Synopsis Moderate: Release of OpenShift Serverless 1200 Type/Severity Security Advisory: Moderate Topic Release of OpenShift Serverless 1200Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo ...
Red Hat: Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update
Synopsis Moderate: Red Hat OpenShift distributed tracing 210 security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat Openshit distributed tracing 21Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, ...
Red Hat: Important: Release of containers for OSP 16.2 director operator tech preview
Synopsis Important: Release of containers for OSP 162 director operator tech preview Type/Severity Security Advisory: Important Topic Red Hat OpenStack Platform 162 (Train) director Operator containers areavailable for technology preview Description Release osp-director-operator imagesSecurity Fix(es): golang: net/http: limit growth of h ...
Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes
Synopsis Moderate: Red Hat Advanced Cluster Management 2211 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 2211 General Availability release images, which provide one or more container updates and bug fixesRed Hat Product Security has rated this update as ...
Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update
Synopsis Moderate: Migration Toolkit for Containers (MTC) 154 security update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 154 is now availableRed Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base score, whichg ...
Amazon Linux 2: ALAS2-2021-1700
A flaw was found in the way curl handled telnet protocol option for sending environment variables, which could lead to sending of uninitialized data from a stack-based buffer to the server This issue leads to potentially revealing sensitive internal information to the server using a clear-text network protocol (CVE-2021-22898) A flaw was found in ...
Red Hat: CVE-2021-22925
A has been found in curl The fix for CVE-2021-22898 doesn't remedy the vulnerability A flaw in the option parser for sending NEW_ENV variables libcurl can pass uninitialized data from a stack-based buffer to the server This issue leads to potentially revealing sensitive internal information to the server using a clear-text network protocol The ...
Arch Linux Issues:
A security issue has been found in curl before version 7780 curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl This rarely used option is used to send variable=content pairs to TELNET servers Due to flaw in the option parser for sending NEW_ENV variables, libcurl before version 7780 could be made to pass on u ...

ICS Advisories

Siemens SINEMA Remote Connect Server
Siemens SINEC INS
Critical Infrastructure Sectors: Energy
https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-908https://hackerone.com/reports/1223882https://security.netapp.com/advisory/ntap-20210902-0003/https://support.apple.com/kb/HT212804https://support.apple.com/kb/HT212805http://seclists.org/fulldisclosure/2021/Sep/39http://seclists.org/fulldisclosure/2021/Sep/40https://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdfhttps://security.gentoo.org/glsa/202212-01https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2022:1081https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17https://alas.aws.amazon.com/AL2/ALAS-2021-1700.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook