CVE-2020-8231 — Use After Free in Libcurl
Severity
7.5 HIGH (NVD)
EPSS
0.2%
top 63.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 14
Latest update: May 24
Description
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 7 packages
Also affects: Debian Linux 10.0
Patches
Vulnerability Details (4)
Vendor Advisories (7)
Microsoft
Due to use of a dangling pointer libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. (2020-12-08)
Community (4)
Bugzilla
CVE-2020-8231 curl: Expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set [fedora-all] (2020-08-19)
Bugzilla
CVE-2020-8231 mingw-curl: curl: Expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set [fedora-all] (2020-08-19)
Bugzilla
CVE-2020-8231 curl: Expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set (2020-08-11)