Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

ASA-202107-63 - log back

ASA-202107-63 edited at 22 Jul 2021 15:56:47

Workaround

-	CVE-2021-22925 can be mitigated by avoiding to use CURLOPT_TELNETOPTIONS. No known workaround exists for CVE-2021-22924.
+	CVE-2021-22925 can be mitigated by avoiding to use
+	CURLOPT_TELNETOPTIONS. No known workaround exists for CVE-2021-22924.

Impact

-	libcurl could disclose potentially sensitive memory contents to a remote server when an uncommon option for TELNET servers is used. Additionally, libcurl did not sufficiently verify the 'issuer cert' when reusing connections.
+	libcurl could disclose potentially sensitive memory contents to a remote server when an uncommon option for TELNET servers is used.
+	Additionally, libcurl did not sufficiently verify the 'issuer cert' when reusing connections.

ASA-202107-63 edited at 21 Jul 2021 21:46:42

Workaround

+	CVE-2021-22925 can be mitigated by avoiding to use CURLOPT_TELNETOPTIONS. No known workaround exists for CVE-2021-22924.

Impact

+	libcurl could disclose potentially sensitive memory contents to a remote server when an uncommon option for TELNET servers is used. Additionally, libcurl did not sufficiently verify the 'issuer cert' when reusing connections.

ASA-202107-63 created at 21 Jul 2021 21:46:33