Double Free
CVE-2021-22945
Summary
When sending data to an MQTT server, libcurl 7.73.0 through 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area, and both use that again in a subsequent call to send data and also free it *again*.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-415 - Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
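The pattern in the summary (a pointer kept after its buffer is freed, then used and freed again on a later send) is shown below as an added example. It is not libcurl's code: `struct conn`, `send_data` and the other names are hypothetical, and a `freed` flag stands in for the allocator so the stale pointer can be observed safely.

```c
#include <stddef.h>
#include <string.h>

/* Model buffer: 'freed' stands in for allocator state, so the stale
 * pointer can be observed without real undefined behaviour. */
struct buf { char data[32]; size_t len; int freed; };
struct conn {
    struct buf *leftover;            /* unsent tail kept between calls */
    struct buf pool[4]; int next;
    int stale_reads, double_frees;   /* instrumentation counters */
};

static void buf_release(struct conn *c, struct buf *b) {
    if (b->freed) c->double_frees++; /* second free of same object: CWE-415 */
    b->freed = 1;
}

/* Send 'len' bytes when the peer accepts at most 'room' bytes right now.
 * clear_after_free = 0 is the flawed pattern, 1 the hardened one. */
static void send_data(struct conn *c, const char *p, size_t len,
                      size_t room, int clear_after_free) {
    if (c->leftover) {                              /* flush saved tail first */
        if (c->leftover->freed) c->stale_reads++;   /* use after free */
        buf_release(c, c->leftover);
        if (clear_after_free) c->leftover = NULL;   /* drop the stale pointer */
    }
    if (len > room) {                               /* partial send: keep tail */
        struct buf *b = &c->pool[c->next++ % 4];
        b->len = len - room; b->freed = 0;
        memcpy(b->data, p + room, b->len);
        c->leftover = b;
    }
}

/* Constructed scenario: a partial send, a complete send, one more send. */
static struct conn run_scenario(int clear_after_free) {
    struct conn c;
    memset(&c, 0, sizeof c);
    send_data(&c, "0123456789", 10, 4, clear_after_free);  /* tail saved */
    send_data(&c, "abc", 3, 16, clear_after_free);         /* tail freed */
    send_data(&c, "xyz", 3, 16, clear_after_free);         /* stale pointer? */
    c.leftover = NULL;               /* pool does not outlive this function */
    return c;
}

int main(void) {
    struct conn bad = run_scenario(0), good = run_scenario(1);
    return !(bad.double_frees == 1 && bad.stale_reads == 1 &&
             good.double_frees == 0 && good.stale_reads == 0);
}
```

The flaw only shows when a complete send follows a partial one, because a new partial send overwrites the stale pointer; that matches the "in some circumstances" wording of the summary.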