curl supports the -t command line option, known as CURLOPT_TELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEW_ENV variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
The product uses or accesses a resource that has not been initialized.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Curl | Haxx | 7.7 (including) | 7.78.0 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | curl-0:7.61.1-22.el8 | * |
| Curl | Ubuntu | bionic | * |
| Curl | Ubuntu | devel | * |
| Curl | Ubuntu | esm-infra/xenial | * |
| Curl | Ubuntu | focal | * |
| Curl | Ubuntu | groovy | * |
| Curl | Ubuntu | hirsute | * |
| Curl | Ubuntu | impish | * |
| Curl | Ubuntu | jammy | * |
| Curl | Ubuntu | kinetic | * |
| Curl | Ubuntu | lunar | * |
| Curl | Ubuntu | trusty | * |
| Curl | Ubuntu | trusty/esm | * |
| Curl | Ubuntu | upstream | * |
| Curl | Ubuntu | xenial | * |