CVE-2021-22945
published 2021-09-23
critical 9.1 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:H
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | >= 12.0.0 < 12.3 | 12.3 |
| apple | macos_monterey | — | — |
| debian | curl | < curl 7.79.1-1 (bookworm) | curl 7.79.1-1 (bookworm) |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| haxx | curl | >= 0 < 7.74.0-1.3+deb11u2 | 7.74.0-1.3+deb11u2 |
| haxx | curl | >= 0 < 7.79.1-1 | 7.79.1-1 |
| haxx | curl | >= 0 < 7.79.1-1 | 7.79.1-1 |
| haxx | curl | >= 0 < 7.79.1-1 | 7.79.1-1 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.16 | 7.58.0-2ubuntu3.16 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.15 | 7.58.0-2ubuntu3.15 |
| haxx | curl | >= 0 < 7.68.0-1ubuntu2.7 | 7.68.0-1ubuntu2.7 |
| haxx | libcurl | 7.73.0 – 7.78.0 | — |
| https | github.com_curl_curl | — | — |
| msrc | cbl2_curl_7.82.0-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_curl_7.76.0-6_on_cbl_mariner_1.0 | — | — |
| oracle | mysql_server | 5.7.0 – 5.7.35 | — |
| oracle | mysql_server | 8.0.0 – 8.0.26 | — |
| siemens | sinec_ins | < 1.0.1.1 | 1.0.1.1 |
| splunk | universal_forwarder | — | — |
| splunk | universal_forwarder | >= 8.2.0 < 8.2.12 | 8.2.12 |
| splunk | universal_forwarder | >= 9.0.0 < 9.0.6 | 9.0.6 |
CVSS provenance
nvd v3.1 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
osv 9.1 CRITICAL