VDB
ALPINE-CVE-2021-22925
ALPINE-CVE-2021-22925
PUBLISHED
CVSS 5.300000190734863 MEDIUM
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
Risk Scores
CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.16 | curl | 7.77.0-r1, 7.77.0-r0, 7.76.1-r0 |
| Alpine:v3.17 | curl | 7.43.0-r0, 7.77.0-r1, 7.77.0-r0 |
| Alpine:v3.14 | curl | 7.77.0-r0, 7.76.1-r0, 7.76.0-r0 |
| Alpine:v3.19 | curl | 7.77.0-r1, 7.19.2-r1, 7.19.4-r0 |
| Alpine:v3.15 | curl | 7.19.2-r0, 7.19.4-r0, 7.19.5-r0 |
| Alpine:v3.22 | curl | 7.48.0-r0, 7.77.0-r0, 7.76.1-r0 |
| Alpine:v3.23 | curl | 7.21.3-r0, 0, 7.19.2-r0 |
| Alpine:v3.12 | curl | 7.62.0-r1, 7.77.0-r0, 7.76.1-r0 |
| Alpine:v3.18 | curl | 7.53.1-r3, 7.54.0-r0, 7.55.1-r0 |
| Alpine:v3.11 | curl | 7.21.4-r1, 7.39.0-r0, 7.40.0-r0 |
| Alpine:v3.21 | curl | 7.21.3-r1, 7.77.0-r1, 7.77.0-r0 |
| Alpine:v3.20 | curl | 7.77.0-r1, 7.77.0-r0, 7.76.1-r0 |
| Alpine:v3.13 | curl | 0, 7.19.2-r0, 7.19.2-r1 |
Timeline
- Aug 5, 2021 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch