CVE-2021-22945

CVE-2021-22945

Name

CVE-2021-22945

Description

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://hackerone.com/reports/1269242
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
MISC	https://www.oracle.com/security-alerts/cpuoct2021.html
CONFIRM	https://security.netapp.com/advisory/ntap-20211029-0003/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
Patch	https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Third Party Advisory	https://support.apple.com/kb/HT213183
Mailing List	http://seclists.org/fulldisclosure/2022/Mar/29

Type

URI

MISC

https://hackerone.com/reports/1269242

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/

MISC

https://www.oracle.com/security-alerts/cpuoct2021.html

CONFIRM

https://security.netapp.com/advisory/ntap-20211029-0003/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/