When sending data to an MQTT server, libcurl could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again.
{ "last_affected": "7.78.0", "affects": "both", "severity": "Medium", "URL": "https://curl.se/docs/CVE-2021-22945.json", "www": "https://curl.se/docs/CVE-2021-22945.html", "issue": "https://hackerone.com/reports/1269242", "award": { "currency": "USD", "amount": "1000" }, "package": "curl", "CWE": { "id": "CWE-415", "desc": "Double Free" } }
{ "vanir_signatures": [ { "id": "CURL-CVE-2021-22945-396483fd", "digest": { "line_hashes": [ "328453786080658004361491463965998398485", "252156255408452342459258152853300683062", "171447148363748109589151842825259079707", "175104515688157307960582739896490386086" ], "threshold": 0.9 }, "signature_type": "Line", "deprecated": false, "target": { "file": "lib/mqtt.c" }, "signature_version": "v1", "source": "https://github.com/curl/curl.git/commit/43157490a5054bd24256fe12876931e8abc9df49" }, { "id": "CURL-CVE-2021-22945-49a9eb3b", "digest": { "length": 560.0, "function_hash": "258886550320820673026644183473732966147" }, "signature_type": "Function", "deprecated": false, "target": { "file": "lib/mqtt.c", "function": "mqtt_send" }, "signature_version": "v1", "source": "https://github.com/curl/curl.git/commit/43157490a5054bd24256fe12876931e8abc9df49" } ] }