CVE-2021-22898
CVSS 3.1 - LOW
Description
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.
Affected Products
18| Vendor | Product | Version |
|---|---|---|
| haxx | curl |
All versions
|
| debian | debian_linux |
9.0
|
| fedoraproject | fedora |
33
|
| fedoraproject | fedora |
34
|
| oracle | communications_cloud_native_core_binding_support_function |
1.11.0
|
| oracle | communications_cloud_native_core_network_function_cloud_native_environment |
1.10.0
|
| oracle | communications_cloud_native_core_network_repository_function |
1.15.0
|
| oracle | communications_cloud_native_core_network_repository_function |
1.15.1
|
| oracle | communications_cloud_native_core_network_slice_selection_function |
1.8.0
|
| oracle | communications_cloud_native_core_service_communication_proxy |
1.15.0
|
| oracle | essbase |
All versions
|
| oracle | essbase |
All versions
|
| oracle | mysql_server |
All versions
|
| oracle | mysql_server |
All versions
|
| siemens | sinec_infrastructure_network_services |
All versions
|
| splunk | universal_forwarder |
All versions
|
| splunk | universal_forwarder |
All versions
|
| splunk | universal_forwarder |
9.1.0
|
References
Weakness Types
CWE-200
CWE-909
CVE Information
- CVE ID:
CVE-2021-22898- Published:
- 2021-06-11
- Modified:
- 2026-04-16
- CVSS Score:
- 3.1
- Severity:
- LOW
- Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Affected Vendors
haxx
oracle
siemens
fedoraproject
debian
splunk
Quick Actions
CVSS Severity Scale
0.0 - 3.9
LOW
4.0 - 6.9
MEDIUM
7.0 - 8.9
HIGH
9.0 - 10.0
CRITICAL