Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Network
0

CVE-2021-22898

Disclosure Date: June 11, 2021
CVE-2021-22898 CVSS v3 Base Score: 3.1
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
3.1 Low
Impact Score:
1.4
Exploitability Score:
1.6
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
Low
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
https://github.com/curl/curl 7.7 through 7.76.1
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • debian,
  • fedoraproject,
  • haxx,
  • oracle,
  • siemens,
  • splunk

Products

  • communications cloud native core binding support function 1.11.0,
  • communications cloud native core network function cloud native environment 1.10.0,
  • communications cloud native core network repository function 1.15.0,
  • communications cloud native core network repository function 1.15.1,
  • communications cloud native core network slice selection function 1.8.0,
  • communications cloud native core service communication proxy 1.15.0,
  • curl,
  • debian linux 9.0,
  • essbase,
  • fedora 33,
  • fedora 34,
  • mysql server,
  • sinec infrastructure network services,
  • universal forwarder,
  • universal forwarder 9.1.0

References

Canonical
CVE-2021-22898 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898)
Advisory
[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans. (https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E)
[oss-security] 20210721 [SECURITY ADVISORY] curl: TELNET stack contents disclosure again (http://www.openwall.com/lists/oss-security/2021/07/21/4)
FEDORA-2021-83fdddca0f (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/)
FEDORA-2021-5d21b90a30 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/)
[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update (https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
DSA-5197 (https://www.debian.org/security/2022/dsa-5197)
[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update (https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html)
Miscellaneous
https://hackerone.com/reports/1176461
https://curl.se/docs/CVE-2021-22898.html
https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis