ASA-202106-7 - log back

ASA-202106-7 edited at 03 Jun 2021 08:47:02
Workaround
- - CVE-2021-22898 can be mitigated by avoiding to use the -t command line option and CURLOPT_TELNETOPTIONS.
+ - CVE-2021-22898 can be mitigated by avoiding to use the -t command
+ line option and CURLOPT_TELNETOPTIONS.
- No known workaround exists for CVE-2021-22901.
Impact
- curl could disclose potentially sensitive memory information to a remote server over Telnet when an uncommon option is used. Additionally, a remote attacker could cause arbitrary code execution through a crafted TLS handshake.
+ curl could disclose potentially sensitive memory information to a remote server over Telnet when an uncommon option is used.
+ Additionally, a remote attacker could cause arbitrary code execution through a crafted TLS handshake.
ASA-202106-7 edited at 01 Jun 2021 16:37:51
Workaround
+ - CVE-2021-22898 can be mitigated by avoiding to use the -t command line option and CURLOPT_TELNETOPTIONS.
+ - No known workaround exists for CVE-2021-22901.
Impact
+ curl could disclose potentially sensitive memory information to a remote server over Telnet when an uncommon option is used. Additionally, a remote attacker could cause arbitrary code execution through a crafted TLS handshake.
ASA-202106-7 created at 01 Jun 2021 16:37:40