CVE-2021-22945 — Double Free in Libcurl

CWE-415 — Double Free CWE-416 — Use After Free12 documents10 sources

Severity

9.1CRITICALNVD

EPSS

0.4%

top 42.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Haxx Curl Apple Macos Siemens Sinec INS +6 more

Timeline

PublishedSep 23

Latest updateMay 24

Description

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages8 packages

▶NVDhaxx/libcurl7.73.0 — 7.78.0

▶NVDoracle/mysql_server5.7.0 — 5.7.35+1

▶NVDapple/macos12.0.0 — 12.3

▶NVDsiemens/sinec_ins< 1.0.1.1

▶NVDsplunk/universal_forwarder8.2.0 — 8.2.12+2

Also affects: Debian Linux 11.0, Fedora 33, 35

Patches

Patch: cert-portal.siemens.com ↗Patch: hackerone.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-22mx-9r92-42g8: When sending data to an MQTT server, libcurl <= 7↗2022-05-24

▶

OSV

CVE-2021-22945: When sending data to an MQTT server, libcurl <= 7↗2021-09-23

▶

CVEList

CVE-2021-22945: When sending data to an MQTT server, libcurl <= 7↗2021-09-23

▶

OSV

curl vulnerabilities↗2021-09-21

▶

OSV

curl vulnerabilities↗2021-09-15

▶

📋Vendor Advisories

Apple

CVE-2021-22945: macOS Monterey 12.3↗2022-03-14

▶

Ubuntu

curl vulnerabilities↗2021-09-15

▶

Red Hat

curl: use-after-free and double-free in MQTT sending↗2021-09-15

▶

Microsoft

When sending data to an MQTT server libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to ↗2021-09-14

▶

Debian

CVE-2021-22945: curl - When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some ...↗2021

▶

💬Community

HackerOne

CVE-2021-22945: UAF and double-free in MQTT sending↗2021-09-15

▶