CVE-2021-22925

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.

CVSS v3.0 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://hackerone.com/reports/1223882	Exploit Issue Tracking Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20210902-0003/	Third Party Advisory
https://support.apple.com/kb/HT212804	Third Party Advisory
https://support.apple.com/kb/HT212805	Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/39	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/40	Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	Patch Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Configurations

Configuration 1 (hide)

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:netapp:clustered_data_ontap:-:::::::*
	cpe:2.3:a:netapp:solidfire:-:::::::*
	cpe:2.3:a:netapp:hci_management_node:-:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:apple:macos:11.0:::::::*
	cpe:2.3:o:apple:mac_os_x:10.15.7:-::::::
	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001::::::
	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002::::::
	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003::::::
	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004::::::
	cpe:2.3:o:apple:macos:11.0.1:::::::*
	cpe:2.3:o:apple:macos:11.1:::::::*
	cpe:2.3:o:apple:macos:11.1.0:::::::*
	cpe:2.3:o:apple:macos:11.2:::::::*
	cpe:2.3:o:apple:macos:11.2.1:::::::*
	cpe:2.3:o:apple:macos:11.3:::::::*
	cpe:2.3:o:apple:macos:11.3.1:::::::*
	cpe:2.3:o:apple:macos:11.4:::::::*
	cpe:2.3:o:apple:macos:11.5:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::*
	cpe:2.3:a:oracle:mysql_server::::::::
	cpe:2.3:a:oracle:mysql_server::::::::

Configuration 6 (hide)

cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*

Information

Published : 2021-08-05 21:15

Updated : 2022-06-14 11:15

NVD link : CVE-2021-22925

Mitre link : CVE-2021-22925

JSON object : View

Products Affected

netapp

solidfire
clustered_data_ontap
hci_management_node

apple

macos
mac_os_x

fedoraproject

fedora

siemens

sinec_infrastructure_network_services

haxx

curl

oracle

peoplesoft_enterprise_peopletools
mysql_server

CWE

CWE-908

Use of Uninitialized Resource

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

5.3^/10

5.0^/10