CURL-CVE-2025-0665

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2025-0665.html

Import Source

https://curl.se/docs/CURL-CVE-2025-0665.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2025-0665

Aliases

CVE-2025-0665

Published

2025-02-05T08:00:00Z

Modified

2025-02-05T23:17:44Z

Summary

eventfd double close

Details

libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.

Database specific

{
    "CWE": {
        "id": "CWE-1341",
        "desc": "Multiple Releases of Same Resource or Handle"
    },
    "award": {
        "amount": "505",
        "currency": "USD"
    },
    "URL": "https://curl.se/docs/CVE-2025-0665.json",
    "package": "curl",
    "severity": "Low",
    "issue": "https://hackerone.com/reports/2954286",
    "www": "https://curl.se/docs/CVE-2025-0665.html",
    "last_affected": "8.11.1"
}

References

Credits

- Christian Heusel - FINDER
- Andy Pan - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

8.11.1

Fixed

8.12.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

92124838c6b7e09e3f35ff84e1eb63cf0105c9b5

Fixed

ff5091aa9f73802e894b1cbdf24ab84e103200e2

Affected versions

8.*

8.11.1