Medium severity 5.3 · NVD Advisory · Published Aug 5, 2021 · Updated Apr 16, 2026
CVE-2021-22925
Description
curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack-based buffer to the server, potentially revealing sensitive internal information to the server over a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.
Affected products (36)
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* Range: <1.0.1.1
- cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:* Range: <3.1
- cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* Range: >=8.2.0,<8.2.12
- cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
Patches (1)
- bfbde883af33 · https://github.com/curl/curl (via osv)
References (12)
- cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (nvd: Patch, Third Party Advisory)
- www.oracle.com/security-alerts/cpujan2022.html (nvd: Patch, Third Party Advisory)
- www.oracle.com/security-alerts/cpuoct2021.html (nvd: Patch, Third Party Advisory)
- hackerone.com/reports/1223882 (nvd: Exploit, Issue Tracking, Patch, Third Party Advisory)
- seclists.org/fulldisclosure/2021/Sep/39 (nvd: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2021/Sep/40 (nvd: Mailing List, Third Party Advisory)
- cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf (nvd: Third Party Advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/ (nvd: Mailing List, Third Party Advisory)
- security.gentoo.org/glsa/202212-01 (nvd: Third Party Advisory)
- security.netapp.com/advisory/ntap-20210902-0003/ (nvd: Third Party Advisory)
- support.apple.com/kb/HT212804 (nvd: Third Party Advisory)
- support.apple.com/kb/HT212805 (nvd: Third Party Advisory)