CVE-2021-22898

low Splunk
CVSS v3 Base Score
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS Score
0.1%
Exploitation probability in 30 days
Top 68% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Confidentiality
Low
Integrity
None
Availability
None
Published: June 11, 2021 (1798 days ago)
Last Modified: April 16, 2026
Vendor: Splunk
Source: NVD

Description

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

CWE

CWE-200

Affected Products

haxx curldebian debian linuxfedoraproject fedoraoracle communications cloud native core binding support functionoracle communications cloud native core network function cloud native environmentoracle communications cloud native core network repository functionoracle communications cloud native core network slice selection functionoracle communications cloud native core service communication proxyoracle essbaseoracle mysql server

References

🔗 www.openwall.com 🔗 cert-portal.siemens.com 🔗 curl.se 🔗 github.com 🔗 hackerone.com