CVE-2021-22945

Summary

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again.

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/curl/curlcurl 7.73.0 to and including 7.78.0affected

Weaknesses

  • CWE-415: Double Free (CWE-415)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References