#VU55149 Use of Uninitialized Variable in cURL


Published: 2021-07-21

Vulnerability identifier: #VU55149

Vulnerability risk: Medium

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22925

CWE-ID: CWE-457

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
cURL
Client/Desktop applications / Other client software

Vendor: curl.haxx.se

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to usage of uninitialized variable in code, responsible for processing TELNET requests when parsing NEW_ENV variables. A remote attacker can force the affected application to connect to a telnet server under attackers control and read up to 1800 bytes from the uninitialized memory on the libcurl client system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

cURL: 7.1 - 7.77.0

External links
http://curl.haxx.se/docs/CVE-2021-22925.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data
Splunk Enterprise update for third-party packages
Splunk Universal Forwarder update for third-party packages
VMware Tanzu products update for curl
Ubuntu update for curl
Multiple vulnerabilities in IBM Cloud Pak for Security (CP4S)
Gentoo update for curl
Multiple vulnerabilities in Dell EMC VxRail Appliance
Multiple vulnerabilities in Siemens SINEMA Remote Connect Server
Multiple vulnerabilities in Siemens SINEC INS