Double Free


Severity High
Score 9.1/10


When sending data to an MQTT server, libcurl 7.73.0 through 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area, then both use it again in a subsequent call to send data and free it *again*.

  • LOW
  • NONE
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-415 - Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
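
The following is an added illustration of the defensive pattern against the stale-pointer double free described above; it is not libcurl's code and does not come from the advisory. `struct conn`, `conn_send`, `conn_release` and `demo` are hypothetical names, and the `accepted` parameter stands in for a real transport.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical connection state for this example; not libcurl's structures. */
struct conn {
    char  *leftover;      /* heap copy of bytes the transport did not accept */
    size_t leftover_len;
};

/* Single release point, also used for teardown: free, then clear. */
void conn_release(struct conn *c)
{
    free(c->leftover);    /* free(NULL) is a no-op */
    c->leftover = NULL;
    c->leftover_len = 0;
}

/* Send buf; `accepted` stands in for the byte count the transport took
 * (constructed input). Returns 0 on success, -1 on allocation failure. */
int conn_send(struct conn *c, const char *buf, size_t len, size_t accepted)
{
    size_t rest = accepted < len ? len - accepted : 0;
    char *copy = NULL;
    if (rest) {
        copy = malloc(rest);   /* copy first: buf may be the old leftover */
        if (!copy)
            return -1;
        memcpy(copy, buf + accepted, rest);
    }
    /* A vulnerable variant would free(c->leftover) here and reassign the
     * field only when rest != 0: after a full send the pointer dangles,
     * a later send reads it and teardown frees it a second time. */
    conn_release(c);
    c->leftover = copy;
    c->leftover_len = rest;
    return 0;
}

/* Partial send, flush of the remainder, then release twice. 0 means OK. */
int demo(void)
{
    struct conn c = {0};
    if (conn_send(&c, "PUBLISH-payload", 15, 7) || c.leftover_len != 8)
        return 1;
    if (conn_send(&c, c.leftover, c.leftover_len, 8) || c.leftover)
        return 2;
    conn_release(&c);
    conn_release(&c);
    return 0;
}
```

Because the pointer is cleared at the only place it is freed, the second `conn_release` call reduces to `free(NULL)`.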

Advisory Timeline

  • Published