Log

ASA-202106-13 edited at 03 Jun 2021 08:47:25
ASA-202106-12 edited at 03 Jun 2021 08:47:22
Workaround
- A workaround to mitigate the problem is to use an ACL configuration to prevent clients from using the STRALGO LCS command.
+ A workaround to mitigate the problem is to use an ACL configuration to
+ prevent clients from using the STRALGO LCS command.
- On systems running Redis version 6.2.3, it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB).
+ On systems running Redis version 6.2.3, it is sufficient to make sure
+ that the proto-max-bulk-len config parameter is smaller than 2GB
+ (default is 512MB).
ASA-202106-11 edited at 03 Jun 2021 08:47:17
ASA-202106-10 edited at 03 Jun 2021 08:47:14
ASA-202106-9 edited at 03 Jun 2021 08:47:10
Workaround
- The issue can be mitigated by avoiding to use the -t command line option and CURLOPT_TELNETOPTIONS.
+ The issue can be mitigated by avoiding to use the -t command line
+ option and CURLOPT_TELNETOPTIONS.
ASA-202106-8 edited at 03 Jun 2021 08:47:06
Workaround
- The issue can be mitigated by avoiding to use the -t command line option and CURLOPT_TELNETOPTIONS.
+ The issue can be mitigated by avoiding to use the -t command line
+ option and CURLOPT_TELNETOPTIONS.
ASA-202106-7 edited at 03 Jun 2021 08:47:02
Workaround
- - CVE-2021-22898 can be mitigated by avoiding to use the -t command line option and CURLOPT_TELNETOPTIONS.
+ - CVE-2021-22898 can be mitigated by avoiding to use the -t command
+ line option and CURLOPT_TELNETOPTIONS.
- No known workaround exists for CVE-2021-22901.
Impact
- curl could disclose potentially sensitive memory information to a remote server over Telnet when an uncommon option is used. Additionally, a remote attacker could cause arbitrary code execution through a crafted TLS handshake.
+ curl could disclose potentially sensitive memory information to a remote server over Telnet when an uncommon option is used.
+ Additionally, a remote attacker could cause arbitrary code execution through a crafted TLS handshake.
ASA-202106-6 edited at 03 Jun 2021 08:46:54
Workaround
- - CVE-2021-22898 can be mitigated by avoiding to use the -t command line option and CURLOPT_TELNETOPTIONS.
+ - CVE-2021-22898 can be mitigated by avoiding to use the -t command
+ line option and CURLOPT_TELNETOPTIONS.
- No known workaround exists for CVE-2021-22901.
Impact
- curl could disclose potentially sensitive memory information to a remote server over Telnet when an uncommon option is used. Additionally, a remote attacker could cause arbitrary code execution through a crafted TLS handshake.
+ curl could disclose potentially sensitive memory information to a remote server over Telnet when an uncommon option is used.
+ Additionally, a remote attacker could cause arbitrary code execution through a crafted TLS handshake.
ASA-202106-5 edited at 03 Jun 2021 08:46:50
Workaround
- - CVE-2021-22898 can be mitigated by avoiding to use the -t command line option and CURLOPT_TELNETOPTIONS.
+ - CVE-2021-22898 can be mitigated by avoiding to use the -t command
+ line option and CURLOPT_TELNETOPTIONS.
- No known workaround exists for CVE-2021-22901.
Impact
- curl could disclose potentially sensitive memory information to a remote server over Telnet when an uncommon option is used. Additionally, a remote attacker could cause arbitrary code execution through a crafted TLS handshake.
+ curl could disclose potentially sensitive memory information to a remote server over Telnet when an uncommon option is used.
+ Additionally, a remote attacker could cause arbitrary code execution through a crafted TLS handshake.
ASA-202106-4 edited at 03 Jun 2021 08:46:47
Workaround
- - CVE-2021-22898 can be mitigated by avoiding to use the -t command line option and CURLOPT_TELNETOPTIONS.
+ - CVE-2021-22898 can be mitigated by avoiding to use the -t command
+ line option and CURLOPT_TELNETOPTIONS.
- No known workaround exists for CVE-2021-22901.
Impact
- curl could disclose potentially sensitive memory information to a remote server over Telnet when an uncommon option is used. Additionally, a remote attacker could cause arbitrary code execution through a crafted TLS handshake.
+ curl could disclose potentially sensitive memory information to a remote server over Telnet when an uncommon option is used.
+ Additionally, a remote attacker could cause arbitrary code execution through a crafted TLS handshake.