Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ph5u-5j8n-4qah
Vulnerability ID VCID-ph5u-5j8n-4qah
Aliases CVE-2021-22898
Summary Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-908 Use of Uninitialized Resource
CWE-457 Use of Uninitialized Variable
System Score Found at
cvssv3 3.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22898.json
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2021-22898
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2021-22898
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2021-22898
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2021-22898
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2021-22898
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2021-22898
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2021-22898
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2021-22898
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2021-22898
cvssv3.1 Medium https://curl.se/docs/CVE-2021-22898.html
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux High https://security.archlinux.org/AVG-1995
archlinux High https://security.archlinux.org/AVG-1996
archlinux High https://security.archlinux.org/AVG-1997
archlinux High https://security.archlinux.org/AVG-1998
archlinux Medium https://security.archlinux.org/AVG-1999
archlinux Medium https://security.archlinux.org/AVG-2000
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22898.json
https://api.first.org/data/v1/epss?cve=CVE-2021-22898
https://curl.se/docs/CVE-2021-22898.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/1176461
1964887 https://bugzilla.redhat.com/show_bug.cgi?id=1964887
989228 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989228
ASA-202106-4 https://security.archlinux.org/ASA-202106-4
ASA-202106-5 https://security.archlinux.org/ASA-202106-5
ASA-202106-6 https://security.archlinux.org/ASA-202106-6
ASA-202106-7 https://security.archlinux.org/ASA-202106-7
ASA-202106-8 https://security.archlinux.org/ASA-202106-8
ASA-202106-9 https://security.archlinux.org/ASA-202106-9
AVG-1995 https://security.archlinux.org/AVG-1995
AVG-1996 https://security.archlinux.org/AVG-1996
AVG-1997 https://security.archlinux.org/AVG-1997
AVG-1998 https://security.archlinux.org/AVG-1998
AVG-1999 https://security.archlinux.org/AVG-1999
AVG-2000 https://security.archlinux.org/AVG-2000
GLSA-202105-36 https://security.gentoo.org/glsa/202105-36
RHSA-2021:4511 https://access.redhat.com/errata/RHSA-2021:4511
USN-5021-1 https://usn.ubuntu.com/5021-1/
USN-5021-2 https://usn.ubuntu.com/5021-2/
USN-5894-1 https://usn.ubuntu.com/5894-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22898.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.31806
EPSS Score 0.00126
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:14:25.607208+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202105-36 38.0.0