curl supports the -t command line option, known as CURLOPT_TELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEW_ENV variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
{
"unresolved_ranges": [
{
"source": "CPE_RANGE",
"cpes": [
"cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"fixed": "1.0.1.1"
}
],
"vendor_product": "siemens:sinec_infrastructure_network_services"
},
{
"cpes": [
"cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*"
],
"source": "CPE_RANGE",
"extracted_events": [
{
"fixed": "3.1"
}
],
"vendor_product": "siemens:sinema_remote_connect_server"
},
{
"source": "CPE_RANGE",
"cpes": [
"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "8.2.0"
},
{
"fixed": "8.2.12"
},
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.6"
}
],
"vendor_product": "splunk:universal_forwarder"
},
{
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "10.15.7-NA"
},
{
"last_affected": "10.15.7-security_update_2021\\-001"
},
{
"last_affected": "10.15.7-security_update_2021\\-002"
},
{
"last_affected": "10.15.7-security_update_2021\\-003"
},
{
"last_affected": "10.15.7-security_update_2021\\-004"
}
],
"vendor_product": "apple:mac_os_x"
},
{
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:o:apple:macos:11.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:macos:11.0:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:macos:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:macos:11.1:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:macos:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:macos:11.2:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:macos:11.3.1:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:macos:11.3:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:macos:11.4:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:macos:11.5:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "11.0"
},
{
"last_affected": "11.0.1"
},
{
"last_affected": "11.1"
},
{
"last_affected": "11.1.0"
},
{
"last_affected": "11.2"
},
{
"last_affected": "11.2.1"
},
{
"last_affected": "11.3"
},
{
"last_affected": "11.3.1"
},
{
"last_affected": "11.4"
},
{
"last_affected": "11.5"
}
],
"vendor_product": "apple:macos"
},
{
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "33"
}
],
"vendor_product": "fedoraproject:fedora"
},
{
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "8.57"
},
{
"last_affected": "8.58"
},
{
"last_affected": "8.59"
}
],
"vendor_product": "oracle:peoplesoft_enterprise_peopletools"
},
{
"cpes": [
"cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"last_affected": "9.1.0"
}
],
"vendor_product": "splunk:universal_forwarder"
}
]
}{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "5.7.0"
},
{
"last_affected": "5.7.35"
},
{
"introduced": "8.0.0"
},
{
"last_affected": "8.0.26"
}
],
"cpe": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*"
}