CURL-CVE-2025-0665

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2025-0665.html

Import Source

https://curl.se/docs/CURL-CVE-2025-0665.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2025-0665

Aliases

CVE-2025-0665

Published

2025-02-05T08:00:00Z

Modified

2025-05-15T17:48:29Z

Summary

eventfd double close

Details

libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.

Database specific

{
    "www": "https://curl.se/docs/CVE-2025-0665.html",
    "award": {
        "amount": "505",
        "currency": "USD"
    },
    "URL": "https://curl.se/docs/CVE-2025-0665.json",
    "CWE": {
        "desc": "Multiple Releases of Same Resource or Handle",
        "id": "CWE-1341"
    },
    "last_affected": "8.11.1",
    "issue": "https://hackerone.com/reports/2954286",
    "severity": "Low",
    "affects": "both",
    "package": "curl"
}

References

Credits

- Christian Heusel - FINDER
- Andy Pan - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

8.11.1

Fixed

8.12.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

92124838c6b7e09e3f35ff84e1eb63cf0105c9b5

Fixed

ff5091aa9f73802e894b1cbdf24ab84e103200e2

Affected versions

8.*

8.11.1

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 386.0,
                "function_hash": "330746453560057327595202474110269703424"
            },
            "target": {
                "function": "destroy_thread_sync_data",
                "file": "lib/asyn-thread.c"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CURL-CVE-2025-0665-8a1d0519",
            "source": "https://github.com/curl/curl.git/commit/ff5091aa9f73802e894b1cbdf24ab84e103200e2",
            "deprecated": false
        },
        {
            "digest": {
                "line_hashes": [
                    "332922935470749792573867805379503604001",
                    "270402022324605171628271509787427407970",
                    "325748360549732944034300747162180532004",
                    "82281272682367692068585845682578917187",
                    "198747049406871451145987131241229838375",
                    "294513380310706942675812105694619897334"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "lib/asyn-thread.c"
            },
            "signature_version": "v1",
            "signature_type": "Line",
            "id": "CURL-CVE-2025-0665-f8e1c049",
            "source": "https://github.com/curl/curl.git/commit/ff5091aa9f73802e894b1cbdf24ab84e103200e2",
            "deprecated": false
        }
    ]
}