The curl logic that works with SASL authentication could end up cleaning up
the GSASL context twice without clearing the pointer in between, making it
free() the same pointer twice.
{
"package": "curl",
"affects": "both",
"last_affected": "8.20.0",
"CWE": {
"id": "CWE-415",
"desc": "Double Free"
},
"issue": "https://hackerone.com/reports/3735193",
"severity": "Medium",
"www": "https://curl.se/docs/CVE-2026-8925.html",
"URL": "https://curl.se/docs/CVE-2026-8925.json"
}[
{
"id": "CURL-CVE-2026-8925-2119fa0c",
"digest": {
"length": 369.0,
"function_hash": "302084604714407525692251374694272900329"
},
"target": {
"function": "Curl_auth_gsasl_is_supported",
"file": "lib/vauth/gsasl.c"
},
"signature_version": "v1",
"source": "https://github.com/curl/curl.git/commit/3da249e1f0716c06644ed3522a37a8bf81808012",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CURL-CVE-2026-8925-3f7f0884",
"digest": {
"line_hashes": [
"317222883309502823860142597895135200148",
"331108732736569959240708242580802890926",
"35931978830601830520329644919584359428",
"316091287703603607087007343834677822635",
"286034720472754720016913912006726094777",
"95164131527673258171731104945717953672",
"10060228462306698533293701394813706719"
],
"threshold": 0.9
},
"target": {
"file": "lib/vauth/gsasl.c"
},
"signature_version": "v1",
"source": "https://github.com/curl/curl.git/commit/3da249e1f0716c06644ed3522a37a8bf81808012",
"deprecated": false,
"signature_type": "Line"
}
]
"https://curl.se/docs/CURL-CVE-2026-8925.json"
"2026-07-07T18:35:07Z"