Medium severity 5.3 · NVD Advisory · Published Aug 5, 2021 · Updated Apr 16, 2026
CVE-2021-22925
Description
curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack-based buffer to the server, potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.
Affected products (68)
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* range: <1.0.1.1
- cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:* range: <3.1
- cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* range: >=8.2.0,<8.2.12
- cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
- osv-coords (31 versions)
- pkg:rpm/almalinux/curl range: < 7.61.1-22.el8
- pkg:rpm/almalinux/libcurl range: < 7.61.1-22.el8
- pkg:rpm/almalinux/libcurl-devel range: < 7.61.1-22.el8
- pkg:rpm/almalinux/libcurl-minimal range: < 7.61.1-22.el8
- pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2015.2 range: < 7.66.0-lp152.3.21.1
- pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2015.3 range: < 7.66.0-4.22.1
- pkg:rpm/opensuse/curl-mini&distro=openSUSE%20Leap%2015.2 range: < 7.66.0-lp152.3.21.1
- pkg:rpm/suse/curl&distro=SUSE%20Enterprise%20Storage%206 range: < 7.60.0-3.47.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS range: < 7.60.0-3.47.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS range: < 7.60.0-3.47.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS range: < 7.60.0-3.47.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS range: < 7.60.0-3.47.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Micro%205.0 range: < 7.66.0-4.22.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 range: < 7.66.0-4.22.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 range: < 7.66.0-4.22.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS range: < 7.60.0-4.25.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 range: < 7.60.0-11.23.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL range: < 7.60.0-3.47.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS range: < 7.60.0-3.47.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS range: < 7.60.0-3.47.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 range: < 7.60.0-4.25.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 range: < 7.60.0-11.23.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 range: < 7.60.0-3.47.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 range: < 7.60.0-3.47.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 range: < 7.60.0-11.23.1
- pkg:rpm/suse/curl&distro=SUSE%20Manager%20Proxy%204.0 range: < 7.60.0-3.47.1
- pkg:rpm/suse/curl&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0 range: < 7.60.0-3.47.1
- pkg:rpm/suse/curl&distro=SUSE%20Manager%20Server%204.0 range: < 7.60.0-3.47.1
- pkg:rpm/suse/curl&distro=SUSE%20OpenStack%20Cloud%209 range: < 7.60.0-4.25.1
- pkg:rpm/suse/curl&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 range: < 7.60.0-4.25.1
- pkg:rpm/suse/curl-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011-SECURITY range: < 7.37.0-70.71.1
References (12)
- cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (nvd: Patch, Third Party Advisory)
- www.oracle.com/security-alerts/cpujan2022.html (nvd: Patch, Third Party Advisory)
- www.oracle.com/security-alerts/cpuoct2021.html (nvd: Patch, Third Party Advisory)
- hackerone.com/reports/1223882 (nvd: Exploit, Issue Tracking, Patch, Third Party Advisory)
- seclists.org/fulldisclosure/2021/Sep/39 (nvd: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2021/Sep/40 (nvd: Mailing List, Third Party Advisory)
- cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf (nvd: Third Party Advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/ (nvd: Mailing List, Third Party Advisory)
- security.gentoo.org/glsa/202212-01 (nvd: Third Party Advisory)
- security.netapp.com/advisory/ntap-20210902-0003/ (nvd: Third Party Advisory)
- support.apple.com/kb/HT212804 (nvd: Third Party Advisory)
- support.apple.com/kb/HT212805 (nvd: Third Party Advisory)