Uninitialized Data Disclosure Vulnerability in curl's CURLOPT_TELNETOPTIONS

Uninitialized Data Disclosure Vulnerability in curl's CURLOPT_TELNETOPTIONS

CVE-2021-22925 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.

Learn more about our Cis Benchmark Audit For Server Software.