JLSEC-2026-421

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-421.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-421.json
JSON Data
https://api.test.osv.dev/v1/vulns/JLSEC-2026-421
Upstream
  • EUVD-2025-1809
  • GHSA-cc57-hgv8-p56r
Published
2026-05-04T13:12:06.605Z
Modified
2026-05-04T13:32:23.378678149Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H CVSS Calculator
Summary
libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection...
Details

libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.

Database specific 
{
    "sources": [
        {
            "published": "2025-02-05T10:15:22.857Z",
            "modified": "2026-03-17T18:16:14.243Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-0665",
            "id": "CVE-2025-0665",
            "imported": "2026-05-02T08:39:48.893Z",
            "database_specific": {
                "status": "Modified"
            },
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0665"
        },
        {
            "published": "2025-02-05T12:33:07Z",
            "modified": "2025-03-07T03:32:33Z",
            "url": "https://api.github.com/advisories/GHSA-cc57-hgv8-p56r",
            "id": "GHSA-cc57-hgv8-p56r",
            "imported": "2026-05-02T08:42:45.851Z",
            "html_url": "https://github.com/advisories/GHSA-cc57-hgv8-p56r"
        },
        {
            "published": "2025-02-05T09:16:49Z",
            "modified": "2026-03-17T17:42:06Z",
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2025-1809",
            "id": "EUVD-2025-1809",
            "imported": "2026-05-02T08:40:06.757Z",
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-1809"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / CURL_jll

Package

Name
CURL_jll
Purl
pkg:julia/CURL_jll?uuid=b21e61f3-bafc-59ac-ab14-4c5c62d6588d

Affected ranges

Type
SEMVER
Events
Introduced
8.11.1+0
Fixed
8.13.0+0

Database specific

source 
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-421.json"

Julia / LibCURL_jll

Package

Name
LibCURL_jll
Purl
pkg:julia/LibCURL_jll?uuid=deac9b47-8bc7-5906-a0fe-35ac56dc84c0

Affected ranges

Type
SEMVER
Events
Introduced
8.11.1+0
Fixed
8.12.0+0

Database specific

source 
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-421.json"