Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

ASA-202106-7 - log back

ASA-202106-7 edited at 03 Jun 2021 08:47:02

Workaround

-	- CVE-2021-22898 can be mitigated by avoiding to use the -t command line option and CURLOPT_TELNETOPTIONS.
+	- CVE-2021-22898 can be mitigated by avoiding to use the -t command
+	line option and CURLOPT_TELNETOPTIONS.
	- No known workaround exists for CVE-2021-22901.

Impact

-	curl could disclose potentially sensitive memory information to a remote server over Telnet when an uncommon option is used. Additionally, a remote attacker could cause arbitrary code execution through a crafted TLS handshake.
+	curl could disclose potentially sensitive memory information to a remote server over Telnet when an uncommon option is used.
+	Additionally, a remote attacker could cause arbitrary code execution through a crafted TLS handshake.

ASA-202106-7 edited at 01 Jun 2021 16:37:51

Workaround

+	- CVE-2021-22898 can be mitigated by avoiding to use the -t command line option and CURLOPT_TELNETOPTIONS.
+	- No known workaround exists for CVE-2021-22901.

Impact

+	curl could disclose potentially sensitive memory information to a remote server over Telnet when an uncommon option is used. Additionally, a remote attacker could cause arbitrary code execution through a crafted TLS handshake.

ASA-202106-7 created at 01 Jun 2021 16:37:40