CVE-2021-22925 log

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
A security issue has been found in curl before version 7.78.0. curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parser for sending NEW_ENV variables, libcurl before version 7.78.0 could be made to pass on uninitialized data from a stack based buffer to the server. Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.

The previous curl security vulnerability CVE-2021-22898 is almost identical to this one but the fix was insufficient so this security vulnerability remained.
Group Package Affected Fixed Severity Status Ticket
AVG-2199 lib32-libcurl-gnutls 7.77.0-1 7.78.0-1 Medium Fixed
AVG-2198 libcurl-gnutls 7.77.0-1 7.78.0-1 Medium Fixed
AVG-2197 lib32-libcurl-compat 7.77.0-1 7.78.0-1 Medium Fixed
AVG-2196 libcurl-compat 7.77.0-1 7.78.0-1 Medium Fixed
AVG-2195 lib32-curl 7.77.0-1 7.78.0-1 Medium Fixed
AVG-2194 curl 7.77.0-1 7.78.0-1 Medium Fixed
Date Advisory Group Package Severity Type
21 Jul 2021 ASA-202107-64 AVG-2199 lib32-libcurl-gnutls Medium multiple issues
21 Jul 2021 ASA-202107-63 AVG-2198 libcurl-gnutls Medium multiple issues
21 Jul 2021 ASA-202107-62 AVG-2197 lib32-libcurl-compat Medium multiple issues
21 Jul 2021 ASA-202107-61 AVG-2196 libcurl-compat Medium multiple issues
21 Jul 2021 ASA-202107-60 AVG-2195 lib32-curl Medium multiple issues
21 Jul 2021 ASA-202107-59 AVG-2194 curl Medium multiple issues
References
https://curl.se/docs/CVE-2021-22925.html
https://github.com/curl/curl/commit/894f6ec730597eb243618d33cc84d71add8d6a8a
Notes
Workaround
==========

The flaw can be mitigated by avoiding to use the -t command line option and CURLOPT_TELNETOPTIONS.