CVE-2021-22925

Severity: medium
CVSS v3 Base Score: 5.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score: 0.4% (exploitation probability in 30 days; top 38% most likely to be exploited)

Attack Characteristics

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Confidentiality: Low
Integrity: None
Availability: None

Published: August 5, 2021 (1743 days ago)
Last Modified: April 16, 2026
Vendor: Splunk
Source: NVD

Description

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack-based buffer to the server, therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use `sscanf()` correctly when parsing the string provided by the application.

CWE

CWE-200

Affected Products

haxx curl
fedoraproject fedora
netapp cloud backup
netapp clustered data ontap
netapp hci management node
netapp solidfire
apple mac os x
apple macos
oracle mysql server
oracle peoplesoft enterprise peopletools

References