{"api_version":"1","generated_at":"2026-04-22T20:52:14+00:00","cve":"CVE-2021-22898","urls":{"html":"https://cve.report/CVE-2021-22898","api":"https://cve.report/api/cve/CVE-2021-22898.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-22898","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-22898"},"summary":{"title":"CVE-2021-22898","description":"curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.","state":"PUBLISHED","assigner":"hackerone","published_at":"2021-06-11 16:15:11","updated_at":"2026-04-16 14:16:11"},"problem_types":["CWE-200","CWE-909","CWE-200 Information Disclosure (CWE-200)"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"3.1","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"3.1","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":3.1,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"3.1","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"2.6","severity":"","vector":"AV:N/AC:H/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","name":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - April 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 34 Update: curl-7.76.1-7.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://hackerone.com/reports/1176461","name":"https://hackerone.com/reports/1176461","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"],"title":"HackerOne","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","name":"https://www.oracle.com//security-alerts/cpujul2021.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - July 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2021/07/21/4","name":"http://www.openwall.com/lists/oss-security/2021/07/21/4","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"],"title":"oss-security - [SECURITY ADVISORY] curl: TELNET stack contents disclosure again","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 33 Update: curl-7.71.1-10.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E","name":"https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html","name":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"[SECURITY] [DLA 3085-1] curl security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","name":"https://www.oracle.com/security-alerts/cpujan2022.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - January 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://curl.se/docs/CVE-2021-22898.html","name":"https://curl.se/docs/CVE-2021-22898.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"],"title":"curl - TELNET stack contents disclosure - CVE-2021-22898","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2022/dsa-5197","name":"https://www.debian.org/security/2022/dsa-5197","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-5197-1 curl","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde","name":"https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"telnet: check sscanf() for correct number of matches · curl/curl@39ce47f · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html","name":"https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 2734-1] curl security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","name":"FEDORA:FEDORA-2021-5d21b90a30","refsource":"MITRE","tags":[],"title":"[SECURITY] Fedora 33 Update: curl-7.71.1-10.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/","name":"FEDORA:FEDORA-2021-83fdddca0f","refsource":"MITRE","tags":[],"title":"[SECURITY] Fedora 34 Update: curl-7.76.1-7.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E","name":"MLIST:[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.","refsource":"MITRE","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-22898","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22898","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"https://github.com/curl/curl","version":"affected 7.7 through 7.76.1","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"22898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22898","vulnerable":"1","versionEndIncluding":"7.76.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_binding_support_function","cpe6":"1.11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_network_function_cloud_native_environment","cpe6":"1.10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_network_repository_function","cpe6":"1.15.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_network_repository_function","cpe6":"1.15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_network_slice_selection_function","cpe6":"1.8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_service_communication_proxy","cpe6":"1.15.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"essbase","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-22898","qid":"159520","title":"Oracle Enterprise Linux Security Update for curl (ELSA-2021-4511)"},{"cve":"CVE-2021-22898","qid":"178759","title":"Debian Security Update for curl (DLA 2734-1)"},{"cve":"CVE-2021-22898","qid":"180909","title":"Debian Security Update for curl (DSA 5197-1)"},{"cve":"CVE-2021-22898","qid":"180969","title":"Debian Security Update for curl (DLA 3085-1)"},{"cve":"CVE-2021-22898","qid":"182775","title":"Debian Security Update for curl (CVE-2021-22898)"},{"cve":"CVE-2021-22898","qid":"198441","title":"Ubuntu Security Notification for curl vulnerabilities (USN-5021-1)"},{"cve":"CVE-2021-22898","qid":"199491","title":"Ubuntu Security Notification for curl Vulnerabilities (USN-5894-1)"},{"cve":"CVE-2021-22898","qid":"239832","title":"Red Hat Update for curl (RHSA-2021:4511)"},{"cve":"CVE-2021-22898","qid":"281101","title":"Fedora Security Update for curl (FEDORA-2021-eb5b7c53a9)"},{"cve":"CVE-2021-22898","qid":"281737","title":"Fedora Security Update for curl (FEDORA-2021-83fdddca0f)"},{"cve":"CVE-2021-22898","qid":"281795","title":"Fedora Security Update for curl (FEDORA-2021-5d21b90a30)"},{"cve":"CVE-2021-22898","qid":"296065","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 39.107.1 Missing (CPUOCT2021)"},{"cve":"CVE-2021-22898","qid":"352402","title":"Amazon Linux Security Advisory for curl: ALAS2-2021-1653"},{"cve":"CVE-2021-22898","qid":"352482","title":"Amazon Linux Security Advisory for curl: ALAS-2021-1509"},{"cve":"CVE-2021-22898","qid":"352823","title":"Amazon Linux Security Advisory for curl: AL2012-2021-347"},{"cve":"CVE-2021-22898","qid":"352843","title":"Amazon Linux Security Advisory for curl: ALAS2-2021-1700"},{"cve":"CVE-2021-22898","qid":"378599","title":"Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)"},{"cve":"CVE-2021-22898","qid":"378883","title":"Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)"},{"cve":"CVE-2021-22898","qid":"500135","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2021-22898","qid":"503786","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2021-22898","qid":"591406","title":"Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)"},{"cve":"CVE-2021-22898","qid":"670481","title":"EulerOS Security Update for curl (EulerOS-SA-2021-2239)"},{"cve":"CVE-2021-22898","qid":"670507","title":"EulerOS Security Update for curl (EulerOS-SA-2021-2265)"},{"cve":"CVE-2021-22898","qid":"670532","title":"EulerOS Security Update for curl (EulerOS-SA-2021-2290)"},{"cve":"CVE-2021-22898","qid":"670567","title":"EulerOS Security Update for curl (EulerOS-SA-2021-2325)"},{"cve":"CVE-2021-22898","qid":"670606","title":"EulerOS Security Update for curl (EulerOS-SA-2021-2364)"},{"cve":"CVE-2021-22898","qid":"670699","title":"EulerOS Security Update for curl (EulerOS-SA-2021-2457)"},{"cve":"CVE-2021-22898","qid":"671006","title":"EulerOS Security Update for curl (EulerOS-SA-2021-2577)"},{"cve":"CVE-2021-22898","qid":"710078","title":"Gentoo Linux cURL Multiple vulnerabilities (GLSA 202105-36)"},{"cve":"CVE-2021-22898","qid":"750038","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2021:1763-1)"},{"cve":"CVE-2021-22898","qid":"750040","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2021:1762-1)"},{"cve":"CVE-2021-22898","qid":"750044","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2021:1763-1)"},{"cve":"CVE-2021-22898","qid":"750046","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2021:1762-1)"},{"cve":"CVE-2021-22898","qid":"750055","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2021:1786-1)"},{"cve":"CVE-2021-22898","qid":"750062","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2021:1762-1)"},{"cve":"CVE-2021-22898","qid":"750081","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2021:1809-1)"},{"cve":"CVE-2021-22898","qid":"750188","title":"OpenSUSE Security Update for curl (openSUSE-SU-2021:0808-1)"},{"cve":"CVE-2021-22898","qid":"750792","title":"OpenSUSE Security Update for curl (openSUSE-SU-2021:1762-1)"},{"cve":"CVE-2021-22898","qid":"900067","title":"CBL-Mariner Linux Security Update for curl 7.76.0"},{"cve":"CVE-2021-22898","qid":"901518","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for curl (6359-1)"},{"cve":"CVE-2021-22898","qid":"902945","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for curl (4369)"},{"cve":"CVE-2021-22898","qid":"940095","title":"AlmaLinux Security Update for curl (ALSA-2021:4511)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-03T18:58:25.359Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://hackerone.com/reports/1176461"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://curl.se/docs/CVE-2021-22898.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde"},{"name":"[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"name":"[oss-security] 20210721 [SECURITY ADVISORY] curl: TELNET stack contents disclosure again","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2021/07/21/4"},{"name":"FEDORA-2021-83fdddca0f","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/"},{"name":"FEDORA-2021-5d21b90a30","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"},{"name":"[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"name":"DSA-5197","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"https://www.debian.org/security/2022/dsa-5197"},{"name":"[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":3.1,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2021-22898","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-03-28T18:31:55.808226Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-16T13:30:13.229Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"https://github.com/curl/curl","vendor":"n/a","versions":[{"status":"affected","version":"7.7 through 7.76.1"}]}],"descriptions":[{"lang":"en","value":"curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-200","description":"Information Disclosure (CWE-200)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-08-29T00:06:14.000Z","orgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","shortName":"hackerone"},"references":[{"tags":["x_refsource_MISC"],"url":"https://hackerone.com/reports/1176461"},{"tags":["x_refsource_MISC"],"url":"https://curl.se/docs/CVE-2021-22898.html"},{"tags":["x_refsource_MISC"],"url":"https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde"},{"name":"[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"name":"[oss-security] 20210721 [SECURITY ADVISORY] curl: TELNET stack contents disclosure again","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2021/07/21/4"},{"name":"FEDORA-2021-83fdddca0f","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/"},{"name":"FEDORA-2021-5d21b90a30","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"},{"name":"[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"name":"DSA-5197","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"https://www.debian.org/security/2022/dsa-5197"},{"name":"[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"support@hackerone.com","ID":"CVE-2021-22898","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"https://github.com/curl/curl","version":{"version_data":[{"version_value":"7.7 through 7.76.1"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information Disclosure (CWE-200)"}]}]},"references":{"reference_data":[{"name":"https://hackerone.com/reports/1176461","refsource":"MISC","url":"https://hackerone.com/reports/1176461"},{"name":"https://curl.se/docs/CVE-2021-22898.html","refsource":"MISC","url":"https://curl.se/docs/CVE-2021-22898.html"},{"name":"https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde","refsource":"MISC","url":"https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde"},{"name":"[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E"},{"name":"https://www.oracle.com//security-alerts/cpujul2021.html","refsource":"MISC","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"name":"[oss-security] 20210721 [SECURITY ADVISORY] curl: TELNET stack contents disclosure again","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2021/07/21/4"},{"name":"FEDORA-2021-83fdddca0f","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/"},{"name":"FEDORA-2021-5d21b90a30","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"},{"name":"[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"},{"name":"https://www.oracle.com/security-alerts/cpujan2022.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"name":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"name":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","refsource":"CONFIRM","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"name":"DSA-5197","refsource":"DEBIAN","url":"https://www.debian.org/security/2022/dsa-5197"},{"name":"[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"}]}}}},"cveMetadata":{"assignerOrgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","assignerShortName":"hackerone","cveId":"CVE-2021-22898","datePublished":"2021-06-11T15:49:37.000Z","dateReserved":"2021-01-06T00:00:00.000Z","dateUpdated":"2026-04-16T13:30:13.229Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2021-06-11 16:15:11","lastModifiedDate":"2026-04-16 14:16:11","problem_types":["CWE-200","CWE-909","CWE-200 Information Disclosure (CWE-200)"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7","versionEndIncluding":"7.76.1","matchCriteriaId":"45116E63-5ED9-4CBC-85D9-D6E432C06AE3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","matchCriteriaId":"E460AA51-FCDA-46B9-AE97-E6676AA5E194"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","matchCriteriaId":"A930E247-0B43-43CB-98FF-6CE7B8189835"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*","matchCriteriaId":"10323322-F6C0-4EA7-9344-736F7A80AA5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*","matchCriteriaId":"C2A5B24D-BDF2-423C-98EA-A40778C01A05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*","matchCriteriaId":"6F60E32F-0CA0-4C2D-9848-CB92765A9ACB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*","matchCriteriaId":"DF616620-88CE-4A77-B904-C1728A2E6F9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*","matchCriteriaId":"3AA09838-BF13-46AC-BB97-A69F48B73A8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*","matchCriteriaId":"175B97A7-0B00-4378-AD9F-C01B6D9FD570"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*","versionEndExcluding":"11.1.2.4.047","matchCriteriaId":"6A0BD5BD-E2F8-4B4E-B5CF-9787E6F2E4AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*","versionStartIncluding":"21.0","versionEndExcluding":"21.3","matchCriteriaId":"3197F464-F0A5-4BD4-9068-65CD448D8F4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","versionEndExcluding":"5.7.34","matchCriteriaId":"B029E259-2B7F-4491-9CB1-05FD3B8245C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.15","versionEndExcluding":"8.0.25","matchCriteriaId":"262D1BF5-6417-4977-8304-E1812E94F3C0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.1.1","matchCriteriaId":"B0F46497-4AB0-49A7-9453-CC26837BF253"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0","versionEndExcluding":"8.2.12","matchCriteriaId":"5722E753-75DE-4944-A11B-556CB299B57D"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.6","matchCriteriaId":"DC0F9351-81A4-4FEA-B6B5-6E960A933D32"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*","matchCriteriaId":"EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"22898","Ordinal":"1","Title":"CVE-2021-22898","CVE":"CVE-2021-22898","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"22898","Ordinal":"1","NoteData":"curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.","Type":"Description","Title":"CVE-2021-22898"},{"CveYear":"2021","CveId":"22898","Ordinal":"2","NoteData":"2021-06-11","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"22898","Ordinal":"3","NoteData":"2022-02-07","Type":"Other","Title":"Modified"}]}}}