Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

ASA-202107-64 - log back

ASA-202107-64 edited at 22 Jul 2021 15:56:50

Workaround

-	CVE-2021-22925 can be mitigated by avoiding to use CURLOPT_TELNETOPTIONS. No known workaround exists for CVE-2021-22924.
+	CVE-2021-22925 can be mitigated by avoiding to use
+	CURLOPT_TELNETOPTIONS. No known workaround exists for CVE-2021-22924.

Impact

-	libcurl could disclose potentially sensitive memory contents to a remote server when an uncommon option for TELNET servers is used. Additionally, libcurl did not sufficiently verify the 'issuer cert' when reusing connections.
+	libcurl could disclose potentially sensitive memory contents to a remote server when an uncommon option for TELNET servers is used.
+	Additionally, libcurl did not sufficiently verify the 'issuer cert' when reusing connections.

ASA-202107-64 edited at 21 Jul 2021 21:46:55

Workaround

+	CVE-2021-22925 can be mitigated by avoiding to use CURLOPT_TELNETOPTIONS. No known workaround exists for CVE-2021-22924.

Impact

+	libcurl could disclose potentially sensitive memory contents to a remote server when an uncommon option for TELNET servers is used. Additionally, libcurl did not sufficiently verify the 'issuer cert' when reusing connections.

ASA-202107-64 created at 21 Jul 2021 21:46:46