cve/2021/CVE-2021-22898.md

### [CVE-2021-22898](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898)
![](https://img.shields.io/static/v1?label=Product&message=https%3A%2F%2Fgithub.com%2Fcurl%2Fcurl&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=7.7%20through%207.76.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure%20(CWE-200)&color=brightgreen)

### Description

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

### POC

#### Reference
- https://curl.se/docs/CVE-2021-22898.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/devopstales/trivy-operator
- https://github.com/falk-werner/cve-check
- https://github.com/fokypoky/places-list
- https://github.com/kenlavbah/log4jnotes
- https://github.com/n0-traces/cve_monitor