Double Free

CVE-2021-22945

High

9.1/10

Summary

When sending data to an MQTT server, libcurl 7.73.0 through 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area, and both use that again in a subsequent call to send data and also free it *again*.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-415 - Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References

Advisory
Release Note
Disclosure

Advisory Timeline

Published Sep 23, 2021

Double Free

CVE-2021-22945

Summary

CWE-415 - Double Free

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS