CVE-2021-22945

CRITICAL

libcurl 7.73.0 to 7.78.0 - Use After Free / Double Free


Description

When sending data to an MQTT server, libcurl 7.73.0 through 7.78.0 (fixed in 7.79.0) could in some circumstances keep a pointer to an already freed memory area. When a write to the server completes only partially, the unsent remainder is copied into a per-connection leftover buffer and sent on a later call; after that buffer was freed, the stale pointer and its byte count were left in the connection state. A subsequent send could then both pass that freed buffer to the socket again and free it a second time (CWE-415). The defect is reachable only through the mqtt:// scheme in builds with MQTT support. Remediation: upgrade to curl 7.79.0 or later, apply the upstream patch, or avoid MQTT transfers.
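As an added illustration (not curl's own code and not the upstream patch), the C model below reproduces the bug class described above: a sender that queues the unsent tail of a packet in a per-connection leftover buffer, and a caller that flushes and then frees that buffer. The names `mqtt_conn`, `sendleftovers`, `nsend`, `flush_leftovers`, the fake socket and the 8-byte packet are all assumptions constructed for this example. `send_vulnerable` leaves the stale pointer and count in place after a complete write, so the next flush would hand freed memory to the socket and free it again; `send_fixed` clears both. The driver stops one step before that second free and only reports whether the dangling state exists, so it is safe to run.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Per-connection MQTT send state (a model, not libcurl's struct):
   a heap copy of bytes the socket did not accept, plus how many remain. */
struct mqtt_conn {
    char  *sendleftovers;
    size_t nsend;
};

/* Fake socket: accepts at most `cap` bytes per write (constructed stand-in). */
typedef struct { size_t cap; } fake_sock;

static size_t fake_write(fake_sock *s, const char *buf, size_t len) {
    (void)buf;
    return len < s->cap ? len : s->cap;
}

typedef int (*send_fn)(struct mqtt_conn *, fake_sock *, const char *, size_t);

/* Vulnerable pattern: a partial write queues the tail; a complete write
   leaves whatever was already in sendleftovers/nsend untouched. */
int send_vulnerable(struct mqtt_conn *mq, fake_sock *s,
                    const char *buf, size_t len) {
    size_t n = fake_write(s, buf, len);
    if (n != len) {
        size_t nsend = len - n;
        char *left = malloc(nsend);
        if (!left)
            return -1;
        memcpy(left, buf + n, nsend);
        mq->sendleftovers = left;
        mq->nsend = nsend;
    }
    /* BUG: on n == len nothing resets the state, so a buffer the caller is
       about to free stays referenced and nsend stays non-zero. */
    return 0;
}

/* Fixed pattern: a complete write explicitly clears the leftover state. */
int send_fixed(struct mqtt_conn *mq, fake_sock *s,
               const char *buf, size_t len) {
    size_t n = fake_write(s, buf, len);
    if (n != len) {
        size_t nsend = len - n;
        char *left = malloc(nsend);
        if (!left)
            return -1;
        memcpy(left, buf + n, nsend);
        mq->sendleftovers = left;
        mq->nsend = nsend;
    } else {
        mq->sendleftovers = NULL;
        mq->nsend = 0;
    }
    return 0;
}

/* Caller step that drains queued bytes: it sends the leftover buffer and then
   frees the buffer it passed in (the sender may have replaced it meanwhile). */
static int flush_leftovers(struct mqtt_conn *mq, fake_sock *s, send_fn send) {
    if (mq->nsend) {
        char *ptr = mq->sendleftovers;
        int rc = send(mq, s, mq->sendleftovers, mq->nsend);
        free(ptr);
        return rc;
    }
    return 0;
}

/* Scenario: an 8-byte packet of which the socket first accepts 3 bytes, then a
   flush that succeeds completely. Returns 1 when the state still claims queued
   bytes after the buffer holding them was freed (the next flush would reuse
   and re-free it), 0 when the state was cleared, -1 on unexpected behaviour.
   The second free is deliberately never performed. */
static int run_scenario(send_fn send) {
    struct mqtt_conn mq = { NULL, 0 };
    fake_sock s = { 3 };
    const char pkt[] = "PUBLISH!";          /* constructed 8-byte payload */

    if (send(&mq, &s, pkt, 8) != 0 || mq.nsend != 5 || !mq.sendleftovers)
        return -1;

    s.cap = 1024;                           /* socket now drains everything */
    if (flush_leftovers(&mq, &s, send) != 0)
        return -1;

    return mq.nsend != 0 ? 1 : 0;
}

int dangling_after_vulnerable_send(void) { return run_scenario(send_vulnerable); }
int dangling_after_fixed_send(void)      { return run_scenario(send_fixed); }

int main(void) {
    printf("vulnerable sender keeps dangling leftovers: %d\n",
           dangling_after_vulnerable_send());
    printf("fixed sender keeps dangling leftovers:      %d\n",
           dangling_after_fixed_send());
    return 0;
}
```

To see the crash the real defect produces, build with `-fsanitize=address` and add a second `flush_leftovers` call after the first in `run_scenario` for the vulnerable sender: AddressSanitizer will report the freed buffer being read by `fake_write` and then a double free. As written the driver stops before that step.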

Scores

CVSS v3 9.1
EPSS 0.0035
EPSS Percentile 57.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Classification

CWE
CWE-415
Status published

Affected Products (19)

haxx/libcurl >= 7.73.0, < 7.79.0
fedoraproject/fedora
fedoraproject/fedora
netapp/cloud_backup
netapp/clustered_data_ontap
oracle/mysql_server < 5.7.35
netapp/h300s_firmware
netapp/h500s_firmware
netapp/h700s_firmware
netapp/h300e_firmware
netapp/h500e_firmware
netapp/h700e_firmware
netapp/h410s_firmware
netapp/solidfire_baseboard_management_controller_firmware
apple/macos < 12.3
... and 4 more

Timeline

Published Sep 23, 2021
Tracked Since Feb 18, 2026