CVE-2021-22898 – curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line …

11 June 2021

Vuln ID: CVE-2021-22898

Published: 2021-06-11 16:15:11Z

Description: curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

Source: NVD.NIST.GOV

Date:

11 June 2021

Categorie(s):

NVD

Tag(s):

NVD

Forget Boss Battles, RedLine Malware Aims To Defeat Gamers With Fake Cheats19 April 2024
Breakthrough in Quantum Cloud Computing Ensures its Security and Privacy19 April 2024
How To Teach Your Kids About DeepFakes19 April 2024
In memoriam: Steven Young, respected CISO and former Cybersecurity Collaborative VP19 April 2024
The Biggest Deepfake Porn Website Is Now Blocked in the UK19 April 2024