{"containers": {"cna": {"affected": [{"product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [{"status": "affected", "version": "7.7 through 7.76.1"}]}], "descriptions": [{"lang": "en", "value": "curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "Information Disclosure (CWE-200)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-29T00:06:14.000Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1176461"}, {"tags": ["x_refsource_MISC"], "url": "https://curl.se/docs/CVE-2021-22898.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde"}, {"name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"name": "[oss-security] 20210721 [SECURITY ADVISORY] curl: TELNET stack contents disclosure again", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/07/21/4"}, {"name": "FEDORA-2021-83fdddca0f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/"}, {"name": "FEDORA-2021-5d21b90a30", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"}, {"name": "[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}, {"name": "DSA-5197", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2022/dsa-5197"}, {"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2021-22898", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "https://github.com/curl/curl", "version": {"version_data": [{"version_value": "7.7 through 7.76.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure (CWE-200)"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/1176461", "refsource": "MISC", "url": "https://hackerone.com/reports/1176461"}, {"name": "https://curl.se/docs/CVE-2021-22898.html", "refsource": "MISC", "url": "https://curl.se/docs/CVE-2021-22898.html"}, {"name": "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde", "refsource": "MISC", "url": "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde"}, {"name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E"}, {"name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"name": "[oss-security] 20210721 [SECURITY ADVISORY] curl: TELNET stack contents disclosure again", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/07/21/4"}, {"name": "FEDORA-2021-83fdddca0f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/"}, {"name": "FEDORA-2021-5d21b90a30", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"}, {"name": "[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"}, {"name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}, {"name": "DSA-5197", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5197"}, {"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:58:25.359Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/1176461"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://curl.se/docs/CVE-2021-22898.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde"}, {"name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"name": "[oss-security] 20210721 [SECURITY ADVISORY] curl: TELNET stack contents disclosure again", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/07/21/4"}, {"name": "FEDORA-2021-83fdddca0f", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/"}, {"name": "FEDORA-2021-5d21b90a30", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"}, {"name": "[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}, {"name": "DSA-5197", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5197"}, {"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-28T18:31:55.808226Z", "id": "CVE-2021-22898", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:30:13.229Z"}}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2021-22898", "datePublished": "2021-06-11T15:49:37.000Z", "dateReserved": "2021-01-06T00:00:00.000Z", "dateUpdated": "2026-04-16T13:30:13.229Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://hackerone.com/reports/1176461", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://curl.se/docs/CVE-2021-22898.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E", "name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/07/21/4", "name": "[oss-security] 20210721 [SECURITY ADVISORY] curl: TELNET stack contents disclosure again", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/", "name": "FEDORA-2021-83fdddca0f", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/", "name": "FEDORA-2021-5d21b90a30", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html", "name": "[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://www.debian.org/security/2022/dsa-5197", "name": "DSA-5197", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:58:25.359Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-22898", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-28T18:31:55.808226Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:30:09.386Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "https://github.com/curl/curl", "versions": [{"status": "affected", "version": "7.7 through 7.76.1"}]}], "references": [{"url": "https://hackerone.com/reports/1176461", "tags": ["x_refsource_MISC"]}, {"url": "https://curl.se/docs/CVE-2021-22898.html", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde", "tags": ["x_refsource_MISC"]}, {"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E", "name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["x_refsource_MISC"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/07/21/4", "name": "[oss-security] 20210721 [SECURITY ADVISORY] curl: TELNET stack contents disclosure again", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/", "name": "FEDORA-2021-83fdddca0f", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/", "name": "FEDORA-2021-5d21b90a30", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html", "name": "[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["x_refsource_MISC"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["x_refsource_MISC"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://www.debian.org/security/2022/dsa-5197", "name": "DSA-5197", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST"]}], "descriptions": [{"lang": "en", "value": "curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "Information Disclosure (CWE-200)"}]}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2022-08-29T00:06:14.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "7.7 through 7.76.1"}]}, "product_name": "https://github.com/curl/curl"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://hackerone.com/reports/1176461", "name": "https://hackerone.com/reports/1176461", "refsource": "MISC"}, {"url": "https://curl.se/docs/CVE-2021-22898.html", "name": "https://curl.se/docs/CVE-2021-22898.html", "refsource": "MISC"}, {"url": "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde", "name": "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde", "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E", "name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.", "refsource": "MLIST"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2021/07/21/4", "name": "[oss-security] 20210721 [SECURITY ADVISORY] curl: TELNET stack contents disclosure again", "refsource": "MLIST"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/", "name": "FEDORA-2021-83fdddca0f", "refsource": "FEDORA"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/", "name": "FEDORA-2021-5d21b90a30", "refsource": "FEDORA"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html", "name": "[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update", "refsource": "MLIST"}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "refsource": "CONFIRM"}, {"url": "https://www.debian.org/security/2022/dsa-5197", "name": "DSA-5197", "refsource": "DEBIAN"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure (CWE-200)"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-22898", "STATE": "PUBLIC", "ASSIGNER": "support@hackerone.com"}}}}, "cveMetadata": {"cveId": "CVE-2021-22898", "state": "PUBLISHED", "dateUpdated": "2026-04-16T13:30:13.229Z", "dateReserved": "2021-01-06T00:00:00.000Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2021-06-11T15:49:37.000Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "matchCriteriaId": "45116E63-5ED9-4CBC-85D9-D6E432C06AE3", "versionEndIncluding": "7.76.1", "versionStartIncluding": "7.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "10323322-F6C0-4EA7-9344-736F7A80AA5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF616620-88CE-4A77-B904-C1728A2E6F9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "175B97A7-0B00-4378-AD9F-C01B6D9FD570", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A0BD5BD-E2F8-4B4E-B5CF-9787E6F2E4AE", "versionEndExcluding": "11.1.2.4.047", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*", "matchCriteriaId": "3197F464-F0A5-4BD4-9068-65CD448D8F4C", "versionEndExcluding": "21.3", "versionStartIncluding": "21.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B029E259-2B7F-4491-9CB1-05FD3B8245C0", "versionEndExcluding": "5.7.34", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "262D1BF5-6417-4977-8304-E1812E94F3C0", "versionEndExcluding": "8.0.25", "versionStartIncluding": "8.0.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253", "versionEndExcluding": "1.0.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D", "versionEndExcluding": "8.2.12", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol."}, {"lang": "es", "value": "curl versiones 7.7 hasta 7.76.1 sufre de una divulgacion de informaci\u00f3n cuando la opci\u00f3n de l\u00ednea de comandos \"-t\", conocida como \"CURLOPT_TELNETOPTIONS\" en libcurl, se usa para enviar pares de variables=contenido a servidores TELNET. Debido a un fallo en el analizador de opciones para el env\u00edo de variables NEW_ENV, podr\u00eda hacer que libcurl pasara datos no inicializados de un b\u00fafer basado en la pila al servidor, resultando en una potencial divulgaci\u00f3n de informaci\u00f3n interna confidencial al servidor que usaba un protocolo de red de texto sin cifrar"}], "id": "CVE-2021-22898", "lastModified": "2026-04-16T14:16:11.557", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2021-06-11T16:15:11.043", "references": [{"source": "support@hackerone.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/07/21/4"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}, {"source": "support@hackerone.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://curl.se/docs/CVE-2021-22898.html"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde"}, {"source": "support@hackerone.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://hackerone.com/reports/1176461"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5197"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/07/21/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://curl.se/docs/CVE-2021-22898.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://hackerone.com/reports/1176461"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5197"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-909"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Curl Project for reporting this issue. Upstream acknowledges Harry Sintonen as the original reporter.", "affected_release": [{"advisory": "RHSA-2021:4511", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "curl-0:7.61.1-22.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}], "bugzilla": {"description": "curl: TELNET stack contents disclosure", "id": "1964887", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964887"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-908", "details": ["curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.", "A flaw was found in the way curl handled telnet protocol option for sending environment variables, which could lead to sending of uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text network protocol."], "mitigation": {"lang": "en:us", "value": "This issue can be avoided by not setting any telnet options for the curl command line tool (using the -t / --telnet-option command line option) or the libcurl library (using the CURLOPT_TELNETOPTIONS option) when telnet protocol is not meant to be used.\nIf telnet protocol needs to be used with curl / libcurl, along with the NEW_ENV telnet option, ensure that no environment variable set via the NEW_ENV option has the name or value longer than 127 bytes."}, "name": "CVE-2021-22898", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:2.1", "fix_state": "Will not fix", "package_name": "rh-dotnet21-curl", "product_name": ".NET Core 2.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:3.1", "fix_state": "Will not fix", "package_name": "rh-dotnet31-curl", "product_name": ".NET Core 3.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Out of support scope", "package_name": "curl", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Fix deferred", "package_name": "httpd24-curl", "product_name": "Red Hat Software Collections"}], "public_date": "2021-05-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-22898\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-22898\nhttps://curl.se/docs/CVE-2021-22898.html"], "threat_severity": "Low"}