Wind River Support Network

Fixed

LIN1018-7990 : Security Advisory - curl - CVE-2021-22925

Created: Jul 21, 2021    Updated: Aug 23, 2021
Resolved Date: Aug 23, 2021
Found In Version: 10.18.44.1
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Userspace

Description

curl supports the '-t' command line option, known as 'CURLOPT_TELNETOPTIONS' in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending 'NEW_ENV' variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, potentially revealing sensitive internal information to the server over a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.

https://nvd.nist.gov/vuln/detail/CVE-2021-22925
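
The description attributes the leak to incorrect use of sscanf(). The C example below is added here for illustration and is not curl's source or part of the advisory: it shows two ways a fixed-width sscanf() parser can report bytes it never wrote, beside a checked version. The function names, the comma-separated "name,value" input, the 7-character field width and the '#' marker standing in for stale stack bytes are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#define NEW_ENV_VAR   0   /* RFC 1572 codes */
#define NEW_ENV_VALUE 1
#define STALE '#'         /* constructed stand-in for leftover stack bytes */

/* Weak: any non-zero sscanf() result passes; length comes from the input. */
size_t encode_weak(const char *pair, unsigned char *out, size_t outsz)
{
  char name[8] = "", value[8];
  memset(value, STALE, 7); value[7] = '\0';  /* make stale data visible */
  memset(out, STALE, outsz);
  if(strlen(pair) + 1 > outsz || !sscanf(pair, "%7[^,],%7s", name, value))
    return 0;
  snprintf((char *)out, outsz, "%c%s%c%s", NEW_ENV_VAR, name, NEW_ENV_VALUE, value);
  return strlen(pair) + 1;
}

/* Checked: both fields must convert, the whole input must be consumed
   (no silent truncation), and the length is what snprintf() wrote. */
size_t encode_checked(const char *pair, unsigned char *out, size_t outsz)
{
  char name[8], value[8];
  int used = 0, n;
  if(sscanf(pair, "%7[^,],%7s%n", name, value, &used) != 2 || pair[used])
    return 0;
  n = snprintf((char *)out, outsz, "%c%s%c%s", NEW_ENV_VAR, name, NEW_ENV_VALUE, value);
  return (n < 0 || (size_t)n >= outsz) ? 0 : (size_t)n;
}

/* Count marker bytes inside the span the caller would put on the wire. */
size_t stale_in(const unsigned char *out, size_t len)
{
  size_t c = 0;
  while(len--) c += (out[len] == STALE);
  return c;
}

int main(void)
{
  const char *in[] = { "USER,root", "ABCDEFGHIJKL", "USER,abcdefghijkl" };
  unsigned char buf[64];
  for(size_t i = 0; i < 3; i++) {
    size_t w = encode_weak(in[i], buf, sizeof(buf));
    printf("%-18s weak len=%zu stale=%zu, ", in[i], w, stale_in(buf, w));
    printf("checked len=%zu\n", encode_checked(in[i], buf, sizeof(buf)));
  }
  return 0;
}
```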

CVEs

