CVE-2021-22925 vulnerability in Canonical and Other Products
Published on August 5, 2021

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers.

Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack-based buffer to the server, thereby potentially revealing sensitive internal information to the server over a clear-text network protocol.

This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.
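The failure mode described above, shown as an added example rather than curl's own source: a parser that fills two stack buffers with `sscanf()` has to check that both fields were actually assigned before sending either. The function name `build_env_pair`, the `NAME,VALUE` input form and the `NAME=VALUE` output layout are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 128

/* Hypothetical helper (not libcurl code): parse "NAME,VALUE" and write
 * "NAME=VALUE" into out. Returns bytes written, or -1 if rejected. */
int build_env_pair(const char *opt, unsigned char *out, size_t outsz)
{
    /* Zero-initialise so a partial match can never expose stale stack bytes. */
    char name[FIELD_MAX] = {0};
    char value[FIELD_MAX] = {0};

    /* sscanf() returns the number of fields assigned, or EOF (-1) on empty
     * input. "USER" and "USER," both yield 1 and leave value unassigned.
     * Testing the result for "non-zero" accepts 1 and EOF as success, which
     * is how uninitialised buffer contents can end up on the network. */
    if (sscanf(opt, "%127[^,],%127s", name, value) != 2)
        return -1;

    /* Size the output from the parsed fields, not from the raw input. */
    int n = snprintf((char *)out, outsz, "%s=%s", name, value);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return n;
}

int main(void)
{
    /* Constructed sample inputs, including the partial-match cases. */
    const char *samples[] = { "USER,alice", "USER", "USER,", ",alice", "" };
    unsigned char buf[300];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = build_env_pair(samples[i], buf, sizeof buf);
        if (n < 0)
            printf("%-12s -> rejected\n", samples[i]);
        else
            printf("%-12s -> %d bytes: %s\n", samples[i], n, buf);
    }
    return 0;
}
```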

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2021-22925 has been classified as an Information Disclosure vulnerability or weakness.

Exploit Probability

EPSS: 0.35%
Percentile: 56.97%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.