CVE-2021-22898 - AskarLabs CVE Database

CVE-2021-22898

Vendor N/A

Product https://github.com/curl/curl

Weakness CWE-200 · Info exposure

Published June 11, 2021

Last update April 16, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

Key dates

02Disclosure timeline

June 11, 2021 CVE published

April 16, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-22898

Related vulnerabilities

04Related CVE

CVE-2025-22607 Coolify Vulnerable to GitHub / GitLab OAuth Secrets Leak CVE-2023-5545 Moodle: auto-populated h5p author name causes a potential information leak CVE-2025-15508 Magic Import Document Extractor <= 1.0.6 - Unauthenticated Sensitive Information Exposure CVE-2024-52282 Rancher Helm Applications may have sensitive values leaked CVE-2022-1774 Exposure of Sensitive Information to an Unauthorized Actor in jgraph/drawio