CURL-CVE-2021-22945

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2021-22945.html

Import Source

https://curl.se/docs/CURL-CVE-2021-22945.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2021-22945

Aliases

CVE-2021-22945

Published

2021-09-15T08:00:00Z

Modified

2024-01-16T03:42:48.528709Z

Summary

UAF and double free in MQTT sending

Details

When sending data to an MQTT server, libcurl could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again.

References

Credits

- z2_ - FINDER
- z2_ - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.73.0

Fixed

7.79.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

2522903b792ac5a802f780df60dc4647c58e2477

Fixed

43157490a5054bd24256fe12876931e8abc9df49

Affected versions

7.*

7.73.0

7.74.0

7.75.0

7.76.0

7.76.1

7.77.0

7.78.0