A security issue has been found in curl before version 7.78.0. curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parser for sending NEW_ENV variables, libcurl before version 7.78.0 could be made to pass on uninitialized data from a stack based buffer to the server. Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application. The previous curl security vulnerability CVE-2021-22898 is almost identical to this one but the fix was insufficient so this security vulnerability remained.
|21 Jul 2021||ASA-202107-64||AVG-2199||lib32-libcurl-gnutls||Medium||multiple issues|
|21 Jul 2021||ASA-202107-63||AVG-2198||libcurl-gnutls||Medium||multiple issues|
|21 Jul 2021||ASA-202107-62||AVG-2197||lib32-libcurl-compat||Medium||multiple issues|
|21 Jul 2021||ASA-202107-61||AVG-2196||libcurl-compat||Medium||multiple issues|
|21 Jul 2021||ASA-202107-60||AVG-2195||lib32-curl||Medium||multiple issues|
|21 Jul 2021||ASA-202107-59||AVG-2194||curl||Medium||multiple issues|
Workaround ========== The flaw can be mitigated by avoiding to use the -t command line option and CURLOPT_TELNETOPTIONS.