gsd-2021-22925
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2021-22925",
    "description": "curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.",
    "id": "GSD-2021-22925",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-22925.html",
      "https://access.redhat.com/errata/RHSA-2021:4511",
      "https://ubuntu.com/security/CVE-2021-22925",
      "https://advisories.mageia.org/CVE-2021-22925.html",
      "https://security.archlinux.org/CVE-2021-22925",
      "https://linux.oracle.com/cve/CVE-2021-22925.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-22925"
      ],
      "details": "curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.",
      "id": "GSD-2021-22925",
      "modified": "2023-12-13T01:23:24.977409Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2021-22925",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "https://github.com/curl/curl",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "curl 7.7 to and including 7.77.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure (CWE-200)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://hackerone.com/reports/1223882",
            "refsource": "MISC",
            "url": "https://hackerone.com/reports/1223882"
          },
          {
            "name": "FEDORA-2021-5d21b90a30",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"
          },
          {
            "name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2021/Sep/40"
          },
          {
            "name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2021/Sep/39"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20210902-0003/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
          },
          {
            "name": "https://support.apple.com/kb/HT212805",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT212805"
          },
          {
            "name": "https://support.apple.com/kb/HT212804",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT212804"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "name": "GLSA-202212-01",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202212-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BFF31995-A9B7-4FFE-86B1-6EAB08305586",
                    "versionEndExcluding": "7.78.0",
                    "versionStartIncluding": "7.7",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
                    "matchCriteriaId": "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
                    "matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
                    "matchCriteriaId": "D425C653-37A2-448C-BF2F-B684ADB08A26",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
                    "matchCriteriaId": "A54D63B7-B92B-47C3-B1C5-9892E5873A98",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*",
                    "matchCriteriaId": "3456176F-9185-4EE2-A8CE-3D989D674AB7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:macos:11.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "89056ADD-BD96-4D5B-AD42-4871A8253229",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:macos:11.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "96C3F2DF-96A5-40F2-B5C7-E961C2EE4489",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:macos:11.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D120FD05-70E5-46AE-9B43-4F97BC8E05FE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:macos:11.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B1C7383E-AD3C-4065-A719-96D806426266",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:macos:11.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "752548E2-BB8F-49AB-9D80-38182232989B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:macos:11.2.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4C0548BC-0134-4D90-8B03-C7BA8E2B16DA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:macos:11.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4CE016D4-F266-4B30-AEC4-E420001D418A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:macos:11.3.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C9CBE894-B368-47C3-8951-87C7A8E977A8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:macos:11.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7172F36D-BA62-4A1F-86BF-D814FD5B1AEC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:macos:11.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "25B7EB54-4260-4F11-897E-3C97A8DF7042",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E667933A-37EA-4BC2-9180-C3B4B7038866",
                    "versionEndIncluding": "5.7.35",
                    "versionStartIncluding": "5.7.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "709E83B4-8C66-4255-870B-2F72B37BA8C6",
                    "versionEndIncluding": "8.0.26",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
                    "versionEndExcluding": "1.0.1.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "98CC9C9A-FE14-4D50-A8EC-C309229356C8",
                    "versionEndExcluding": "3.1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
                    "versionEndExcluding": "8.2.12",
                    "versionStartIncluding": "8.2.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
                    "versionEndExcluding": "9.0.6",
                    "versionStartIncluding": "9.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application."
          },
          {
            "lang": "es",
            "value": "curl soporta la opci\u00f3n de l\u00ednea de comandos \"-t\", conocida como \"CURLOPT_TELNETOPTIONS\" en libcurl. Debido a un fallo en el analizador de opciones para el env\u00edo de variables \"NEW_ENV\", libcurl podr\u00eda pasar datos no inicializados de un b\u00fafer en la regi\u00f3n stack de la memoria al servidor. Por lo tanto, podr\u00eda revelar potencialmente informaci\u00f3n interna confidencial al servidor usando un protocolo de red de texto sin cifrar. Esto podr\u00eda ocurrir porque curl no llam\u00f3 y us\u00f3 la funci\u00f3n sscanf() apropiadamente al analizar la cadena proporcionada por la aplicaci\u00f3n"
          }
        ],
        "id": "CVE-2021-22925",
        "lastModified": "2024-03-27T15:11:42.063",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 1.4,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2021-08-05T21:15:11.467",
        "references": [
          {
            "source": "support@hackerone.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/39"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/40"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Exploit",
              "Issue Tracking",
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://hackerone.com/reports/1223882"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://security.gentoo.org/glsa/202212-01"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://support.apple.com/kb/HT212804"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://support.apple.com/kb/HT212805"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "sourceIdentifier": "support@hackerone.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-908"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-200"
              }
            ],
            "source": "support@hackerone.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.