CURL-CVE-2021-22945

Source
https://curl.se/docs/CVE-2021-22945.html
Import Source
https://curl.se/docs/CURL-CVE-2021-22945.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2021-22945
Aliases
Published
2021-09-15T08:00:00Z
Modified
2024-01-16T03:42:48.528709Z
Summary
UAF and double free in MQTT sending
Details

When sending data to an MQTT server, libcurl could in some circumstances erroneously keep a pointer to an already freed memory area, then both use it again in a subsequent call to send data (use-after-free) and free it a second time (double free).

References
Credits
    • z2_ - FINDER
    • z2_ - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.73.0
Fixed
7.79.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

7.*

7.73.0
7.74.0
7.75.0
7.76.0
7.76.1
7.77.0
7.78.0