SB2021072293 - Ubuntu update for curl

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021072293

SB2021072293 - Ubuntu update for curl

Published: July 22, 2021

Security Bulletin ID SB2021072293
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Use of uninitialized variable (CVE-ID: CVE-2021-22898)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to usage of uninitialized variable in code, responsible for processing TELNET requests when parsing NEW_ENV variables. A remote attacker can force the affected application to connect to a telnet server under attackers control and read up to 1800 bytes from the uninitialized memory on the libcurl client system.

Proof of concept:

curl telnet://example.com -tNEW_ENV=a,bbbbbb (256 'b's)

2) Improper Certificate Validation (CVE-ID: CVE-2021-22924)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to errors in the logic when the config matching function does not take "issuer cert" into account and it compares the involved paths case insensitively. A remote attacker can gain access to sensitive information on the system.


3) Use of Uninitialized Variable (CVE-ID: CVE-2021-22925)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to usage of uninitialized variable in code, responsible for processing TELNET requests when parsing NEW_ENV variables. A remote attacker can force the affected application to connect to a telnet server under attackers control and read up to 1800 bytes from the uninitialized memory on the libcurl client system.


Remediation

Install update from vendor's website.

References