Use After Free

2023-06-0410:55:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

libcurl.so

use after free

curlopt_postfields

curlopt_readfunction

http(s)

transfer

application security

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

48.2%

JSON

libcurl.so is vulnerable to Use After Free. Even when the CURLOPT_POSTFIELDS option is enabled, libcurl may mistakenly use the read callback (CURLOPT_READFUNCTION) while performing HTTP(S) transfers to request data to send. The application might misbehave and send the incorrect data or use memory that is no longer available as a result of this bug. The issue arises when it is anticipated that a reused handle will be converted from a PUT to a POST.

CPENameOperatorVersion
libcurl.sole4.7.0
curl:3.17eq8.0.1-r0
curl:3.17eq7.87.0-r2
curl:3.17eq7.86.0-r1
curl:3.17eq7.87.0-r0
curl:3.17eq7.87.0-r1
curl:3.17eq7.88.1-r0
curl:3.17eq7.88.1-r1
curl:3.16eq7.83.1-r4
curl:3.16eq7.83.1-r2

Name	Operator	Version
libcurl.so	le	4.7.0
curl:3.17	eq	8.0.1-r0
curl:3.17	eq	7.87.0-r2
curl:3.17	eq	7.86.0-r1
curl:3.17	eq	7.87.0-r0
curl:3.17	eq	7.87.0-r1
curl:3.17	eq	7.88.1-r0
curl:3.17	eq	7.88.1-r1
curl:3.16	eq	7.83.1-r4
curl:3.16	eq	7.83.1-r2