Vulnerability Name: CVE-2021-22898 (CCN-202562)

Assigned: 2021-05-26
Published: 2021-05-26
Updated: 2022-08-30
Summary: curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.
CVSS v3 Severity:
  3.1 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)
  2.7 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
    Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): High; Privileges Required (PR): None; User Interaction (UI): Required
    Scope: Scope (S): Unchanged
    Impact Metrics: Confidentiality (C): Low; Integrity (I): None; Availability (A): None
  7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
  6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
    Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
    Scope: Scope (S): Unchanged
    Impact Metrics: Confidentiality (C): High; Integrity (I): None; Availability (A): None
  3.1 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)
  2.7 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
    Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): High; Privileges Required (PR): None; User Interaction (UI): Required
    Scope: Scope (S): Unchanged
    Impact Metrics: Confidentiality (C): Low; Integrity (I): None; Availability (A): None
CVSS v2 Severity:
  2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
    Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): High; Authentication (Au): None
    Impact Metrics: Confidentiality (C): Partial; Integrity (I): None; Availability (A): None
  7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
    Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
    Impact Metrics: Confidentiality (C): Complete; Integrity (I): None; Availability (A): None
Vulnerability Type: CWE-909, CWE-908
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2021-22898

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[oss-security] 20210721 [SECURITY ADVISORY] curl: TELNET stack contents disclosure again

Source: CONFIRM
Type: Patch, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Source: CCN
Type: Project curl Security Advisory, May 26th 2021
TELNET stack contents disclosure

Source: MISC
Type: Exploit, Patch, Vendor Advisory
https://curl.se/docs/CVE-2021-22898.html

Source: XF
Type: UNKNOWN
curl-cve202122898-info-disc(202562)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde

Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://hackerone.com/reports/1176461

Source: MLIST
Type: Mailing List, Third Party Advisory
[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update

Source: MLIST
Type: Third Party Advisory
[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-5d21b90a30

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-83fdddca0f

Source: DEBIAN
Type: Third Party Advisory
DSA-5197

Source: CCN
Type: IBM Security Bulletin 6479935 (MaaS360)
A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (V2.103.000.051) and Modules

Source: CCN
Type: IBM Security Bulletin 6494763 (Aspera Enterprise)
IBM Aspera High-Speed Transfer Server, Endpoint, and Desktop Client are vulnerable to libcurl vulnerabilities (CVE-2021-22901, CVE-2021-22898)

Source: CCN
Type: IBM Security Bulletin 6510176 (PowerSC)
Multiple vulnerabilities in Curl affect PowerSC

Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Source: CCN
Type: IBM Security Bulletin 6560126 (Sterling Connect:Direct for UNIX Certified Container)
IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93

Source: CCN
Type: IBM Security Bulletin 6574367 (Cloud Private)
Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22898)

Source: CCN
Type: IBM Security Bulletin 6574787 (QRadar SIEM)
IBM QRadar SIEM is vulnerable to using components with Known Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6854981 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:haxx:curl:*:*:*:*:*:*:*:* (Version >= 7.7 and <= 7.76.1)

Configuration 2:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/a:oracle:mysql_server:*:*:*:*:*:*:*:* (Version >= 8.0.15 and < 8.0.25)
  • OR cpe:/a:oracle:mysql_server:*:*:*:*:*:*:*:* (Version < 5.7.34)
  • OR cpe:/a:oracle:essbase:*:*:*:*:*:*:*:* (Version >= 21.0 and < 21.3)
  • OR cpe:/a:oracle:essbase:*:*:*:*:*:*:*:* (Version < 11.1.2.4.047)
  • OR cpe:/a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*

Configuration 5:
  • cpe:/a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* (Version < 1.0.1.1)

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:curl:libcurl:7.7:*:*:*:*:*:*:*
  AND
  • cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.3:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.3:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.6.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:
Definition ID | Class | Title | Last Modified
------------- | ----- | ----- | -------------
oval:org.opensuse.security:def:7476 | P | curl-8.0.1-150400.5.23.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:704 | P | Security update for u-boot (Important) | 2022-08-22
oval:org.opensuse.security:def:95250 | P | Security update for xen (Important) | 2022-07-06
oval:org.opensuse.security:def:3419 | P | ImageMagick-config-6-SUSE-6.8.8.1-71.126.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3605 | P | libical1-1.0.1-16.3.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:2902 | P | curl-7.79.1-150400.3.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94531 | P | cups-filters-1.25.0-3.3.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94532 | P | curl-7.79.1-150400.3.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:101963 | P | Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP3) (Important) | 2022-04-14
oval:org.opensuse.security:def:6020 | P | Security update for webkit2gtk3 (Important) | 2022-01-20
oval:org.opensuse.security:def:112133 | P | curl-7.79.1-1.1 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:105669 | P | Security update for python-Pygments (Important) | 2021-12-01
oval:com.redhat.rhsa:def:20214511 | P | RHSA-2021:4511: curl security and bug fix update (Moderate) | 2021-11-09
oval:org.opensuse.security:def:96999 | P | cyrus-sasl-sqlauxprop-2.1.26-5.3.2 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:97006 | P | grub2-x86_64-xen-2.02-24.12 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:101244 | P | yaml-cpp-devel-0.6.1-4.2.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:99660 | P | (Important) | 2021-07-20
oval:org.opensuse.security:def:111553 | P | Security update for curl (Moderate) | 2021-07-10
oval:org.opensuse.security:def:38116 | P | Security update for curl (Moderate) | 2021-06-30
oval:org.opensuse.security:def:40100 | P | Security update for curl (Moderate) | 2021-06-30
oval:org.opensuse.security:def:42785 | P | Security update for curl (Moderate) | 2021-06-30
oval:org.opensuse.security:def:44530 | P | Security update for curl (Moderate) | 2021-06-30
oval:org.opensuse.security:def:41257 | P | Security update for curl (Moderate) | 2021-06-30
oval:org.opensuse.security:def:38799 | P | Security update for curl (Moderate) | 2021-06-30
oval:org.opensuse.security:def:45687 | P | Security update for curl (Moderate) | 2021-06-30
oval:org.opensuse.security:def:37500 | P | Security update for curl (Moderate) | 2021-06-30
oval:org.opensuse.security:def:43229 | P | Security update for curl (Moderate) | 2021-06-30
oval:org.opensuse.security:def:99968 | P | (Important) | 2021-06-24
oval:org.opensuse.security:def:99461 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:9711 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:92710 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:69851 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:98874 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:8958 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:92119 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:10084 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:92909 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:70224 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:99069 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:9330 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:92312 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:69470 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:10262 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:93062 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:8585 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:70402 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:99262 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:9512 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:92511 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:69652 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:93215 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:8763 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:91924 | P | Security update for curl (Moderate) | 2021-05-31
oval:org.opensuse.security:def:111409 | P | Security update for curl (Moderate) | 2021-05-29
oval:org.opensuse.security:def:33913 | P | Security update for curl (Moderate) | 2021-05-27
oval:org.opensuse.security:def:51894 | P | Security update for curl (Moderate) | 2021-05-27
oval:org.opensuse.security:def:88123 | P | Security update for curl (Moderate) | 2021-05-27
oval:org.opensuse.security:def:126709 | P | Security update for curl (Moderate) | 2021-05-27
oval:org.opensuse.security:def:88436 | P | Security update for curl (Moderate) | 2021-05-27
oval:org.opensuse.security:def:127106 | P | Security update for curl (Moderate) | 2021-05-27
oval:org.opensuse.security:def:59478 | P | Security update for curl (Moderate) | 2021-05-27
oval:org.opensuse.security:def:89133 | P | Security update for curl (Moderate) | 2021-05-27
oval:org.opensuse.security:def:33655 | P | Security update for curl (Moderate) | 2021-05-27
oval:org.opensuse.security:def:125539 | P | Security update for curl (Moderate) | 2021-05-27
oval:org.opensuse.security:def:23906 | P | Security update for curl (Moderate) | 2021-05-27
oval:org.opensuse.security:def:59736 | P | Security update for curl (Moderate) | 2021-05-27
oval:org.opensuse.security:def:89391 | P | Security update for curl (Moderate) | 2021-05-27
oval:org.opensuse.security:def:66791 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:100281 | P | (Moderate) | 2021-05-26
oval:org.opensuse.security:def:40099 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:107910 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:42784 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:5702 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:26056 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:60263 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:44529 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:73816 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:5762 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:34440 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:67109 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:100610 | P | (Moderate) | 2021-05-26
oval:org.opensuse.security:def:58745 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:108629 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:42077 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:32922 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:64508 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:99636 | P | (Moderate) | 2021-05-26
oval:org.opensuse.security:def:38798 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:75859 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:117425 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:101435 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:37499 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:43228 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:64694 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:99946 | P | (Moderate) | 2021-05-26
oval:org.opensuse.security:def:76177 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:87386 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:73630 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:5043 | P | Security update for curl (Moderate) | 2021-05-26