DEBIAN-CVE-2021-22898
- Source
- https://security-tracker.debian.org/tracker/DEBIAN-CVE-2021-22898
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-22898.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-22898
- Upstream
- Published
- 2021-06-11T16:15:11Z
- Modified
- 2025-09-19T07:31:26.262141Z
- Summary
- [none]
- Details
-
curl 7.7 through 7.76.1 suffers from an information disclosure when the
-tcommand line option, known asCURLOPT_TELNETOPTIONSin libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. - References
Affected packages
Debian:11 / curl
Package
- Name
- curl
- Purl
- pkg:deb/debian/curl?arch=source
Debian:12 / curl
Package
- Name
- curl
- Purl
- pkg:deb/debian/curl?arch=source
Debian:13 / curl
Package
- Name
- curl
- Purl
- pkg:deb/debian/curl?arch=source
Debian:14 / curl
Package
- Name
- curl
- Purl
- pkg:deb/debian/curl?arch=source