VYPR
Medium severity5.3NVD Advisory· Published Aug 5, 2021· Updated Apr 16, 2026

CVE-2021-22925

CVE-2021-22925

Description

curl supports the -t command line option, known as CURLOPT_TELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEW_ENV variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

68

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.