Vulnerability Details : CVE-2021-22898
Potential exploit
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.
Vulnerability category: Information leak
Products affected by CVE-2021-22898
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
- Oracle » Communications Cloud Native Core Network Function Cloud Native Environment » Version: 1.10.0cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-22898
0.26%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-22898
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.6
|
LOW | AV:N/AC:H/Au:N/C:P/I:N/A:N |
4.9
|
2.9
|
NIST | |
3.1
|
LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
1.6
|
1.4
|
NIST |
CWE ids for CVE-2021-22898
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: support@hackerone.com (Secondary)
-
The product does not initialize a critical resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-22898
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
[SECURITY] Fedora 33 Update: curl-7.71.1-10.fc33 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
[SECURITY] Fedora 33 Update: curl-7.71.1-10.fc33 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E
Apache Mail ArchivesMailing List;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpuapr2022.html
Oracle Critical Patch Update Advisory - April 2022Patch;Third Party Advisory
-
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
[jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans. - Pony MailMailing List;Third Party Advisory
-
https://www.oracle.com//security-alerts/cpujul2021.html
Oracle Critical Patch Update Advisory - July 2021Patch;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpujan2022.html
Oracle Critical Patch Update Advisory - January 2022Patch;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/
[SECURITY] Fedora 34 Update: curl-7.76.1-7.fc34 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://curl.se/docs/CVE-2021-22898.html
curl - TELNET stack contents disclosure - CVE-2021-22898Exploit;Patch;Vendor Advisory
-
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
[SECURITY] [DLA 3085-1] curl security updateThird Party Advisory
-
https://www.debian.org/security/2022/dsa-5197
Debian -- Security Information -- DSA-5197-1 curlThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/
[SECURITY] Fedora 34 Update: curl-7.76.1-7.fc34 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2021/07/21/4
oss-security - [SECURITY ADVISORY] curl: TELNET stack contents disclosure againMailing List;Patch;Third Party Advisory
-
https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
telnet: check sscanf() for correct number of matches · curl/curl@39ce47f · GitHubPatch;Third Party Advisory
-
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Patch;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
[SECURITY] [DLA 2734-1] curl security updateMailing List;Third Party Advisory
-
https://hackerone.com/reports/1176461
#1176461 CVE-2021-22898: TELNET stack contents disclosureExploit;Issue Tracking;Patch;Third Party Advisory
Jump to