{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T00:07:17.998","vulnerabilities":[{"cve":{"id":"CVE-2021-22898","sourceIdentifier":"support@hackerone.com","published":"2021-06-11T16:15:11.043","lastModified":"2026-04-16T14:16:11.557","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol."},{"lang":"es","value":"curl versiones 7.7 hasta 7.76.1 sufre de una divulgacion de información cuando la opción de línea de comandos \"-t\", conocida como \"CURLOPT_TELNETOPTIONS\" en libcurl, se usa para enviar pares de variables=contenido a servidores TELNET. Debido a un fallo en el analizador de opciones para el envío de variables NEW_ENV, podría hacer que libcurl pasara datos no inicializados de un búfer basado en la pila al servidor, resultando en una potencial divulgación de información interna confidencial al servidor que usaba un protocolo de red de texto sin cifrar"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-909"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7","versionEndIncluding":"7.76.1","matchCriteriaId":"45116E63-5ED9-4CBC-85D9-D6E432C06AE3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","matchCriteriaId":"E460AA51-FCDA-46B9-AE97-E6676AA5E194"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","matchCriteriaId":"A930E247-0B43-43CB-98FF-6CE7B8189835"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*","matchCriteriaId":"10323322-F6C0-4EA7-9344-736F7A80AA5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*","matchCriteriaId":"C2A5B24D-BDF2-423C-98EA-A40778C01A05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*","matchCriteriaId":"6F60E32F-0CA0-4C2D-9848-CB92765A9ACB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*","matchCriteriaId":"DF616620-88CE-4A77-B904-C1728A2E6F9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*","matchCriteriaId":"3AA09838-BF13-46AC-BB97-A69F48B73A8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*","matchCriteriaId":"175B97A7-0B00-4378-AD9F-C01B6D9FD570"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*","versionEndExcluding":"11.1.2.4.047","matchCriteriaId":"6A0BD5BD-E2F8-4B4E-B5CF-9787E6F2E4AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*","versionStartIncluding":"21.0","versionEndExcluding":"21.3","matchCriteriaId":"3197F464-F0A5-4BD4-9068-65CD448D8F4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","versionEndExcluding":"5.7.34","matchCriteriaId":"B029E259-2B7F-4491-9CB1-05FD3B8245C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.15","versionEndExcluding":"8.0.25","matchCriteriaId":"262D1BF5-6417-4977-8304-E1812E94F3C0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.1.1","matchCriteriaId":"B0F46497-4AB0-49A7-9453-CC26837BF253"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0","versionEndExcluding":"8.2.12","matchCriteriaId":"5722E753-75DE-4944-A11B-556CB299B57D"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.6","matchCriteriaId":"DC0F9351-81A4-4FEA-B6B5-6E960A933D32"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*","matchCriteriaId":"EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2021/07/21/4","source":"support@hackerone.com","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","source":"support@hackerone.com","tags":["Patch","Third Party Advisory"]},{"url":"https://curl.se/docs/CVE-2021-22898.html","source":"support@hackerone.com","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde","source":"support@hackerone.com","tags":["Patch","Third Party Advisory"]},{"url":"https://hackerone.com/reports/1176461","source":"support@hackerone.com","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E","source":"support@hackerone.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html","source":"support@hackerone.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","source":"support@hackerone.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/","source":"support@hackerone.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.debian.org/security/2022/dsa-5197","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","source":"support@hackerone.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"support@hackerone.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"support@hackerone.com","tags":["Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2021/07/21/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://curl.se/docs/CVE-2021-22898.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://hackerone.com/reports/1176461","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.debian.org/security/2022/dsa-5197","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}