Ubuntu update for curl

1) Use of uninitialized variable

EUVDB-ID: #VU53587

Risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-22898

CWE-ID: CWE-457 - Use of Uninitialized Variable

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to usage of uninitialized variable in code, responsible for processing TELNET requests when parsing NEW_ENV variables. A remote attacker can force the affected application to connect to a telnet server under attackers control and read up to 1800 bytes from the uninitialized memory on the libcurl client system.

Proof of concept:

curl telnet://example.com -tNEW_ENV=a,bbbbbb (256 'b's)

Mitigation

Update the affected package curl to the latest version.

Vulnerable software versions

Ubuntu: 16.04

libcurl3-nss (Ubuntu package): before 7.47.01u buntu2.19+esm3

libcurl3-gnutls (Ubuntu package): before 7.47.01u buntu2.19+esm3

libcurl3 (Ubuntu package): before 7.47.01u buntu2.19+esm3

curl (Ubuntu package): before 7.47.01u buntu2.19+esm3

CPE2.3

• cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:libcurl3-nss_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:libcurl3-gnutls_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:libcurl3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:curl_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-5021-2

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of Uninitialized Variable

EUVDB-ID: #VU55149

Risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-22925

CWE-ID: CWE-457 - Use of Uninitialized Variable

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to usage of uninitialized variable in code, responsible for processing TELNET requests when parsing NEW_ENV variables. A remote attacker can force the affected application to connect to a telnet server under attackers control and read up to 1800 bytes from the uninitialized memory on the libcurl client system.

Mitigation

Update the affected package curl to the latest version.

Vulnerable software versions

Ubuntu: 16.04

libcurl3-nss (Ubuntu package): before 7.47.01u buntu2.19+esm3

libcurl3-gnutls (Ubuntu package): before 7.47.01u buntu2.19+esm3

libcurl3 (Ubuntu package): before 7.47.01u buntu2.19+esm3

curl (Ubuntu package): before 7.47.01u buntu2.19+esm3

CPE2.3

• cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:libcurl3-nss_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:libcurl3-gnutls_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:libcurl3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:curl_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-5021-2

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.