CURL-CVE-2025-0665

See a problem?
Please try reporting it to the source first.
Source
https://curl.se/docs/CVE-2025-0665.html
Import Source
https://curl.se/docs/CURL-CVE-2025-0665.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2025-0665
Aliases
Published
2025-02-05T08:00:00Z
Modified
2025-05-15T17:48:29Z
Summary
eventfd double close
Details

libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.

Database specific 
{
    "www": "https://curl.se/docs/CVE-2025-0665.html",
    "CWE": {
        "id": "CWE-1341",
        "desc": "Multiple Releases of Same Resource or Handle"
    },
    "severity": "Low",
    "issue": "https://hackerone.com/reports/2954286",
    "package": "curl",
    "URL": "https://curl.se/docs/CVE-2025-0665.json",
    "award": {
        "amount": "505",
        "currency": "USD"
    },
    "affects": "both",
    "last_affected": "8.11.1"
}
References
Credits
    • Christian Heusel - FINDER
    • Andy Pan - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
8.11.1
Fixed
8.12.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events
Introduced
92124838c6b7e09e3f35ff84e1eb63cf0105c9b5
Fixed
ff5091aa9f73802e894b1cbdf24ab84e103200e2

Affected versions

8.*

8.11.1

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "target": {
            "file": "lib/asyn-thread.c",
            "function": "destroy_thread_sync_data"
        },
        "digest": {
            "length": 386.0,
            "function_hash": "330746453560057327595202474110269703424"
        },
        "id": "CURL-CVE-2025-0665-8a1d0519",
        "signature_type": "Function",
        "source": "https://github.com/curl/curl.git/commit/ff5091aa9f73802e894b1cbdf24ab84e103200e2",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "lib/asyn-thread.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "332922935470749792573867805379503604001",
                "270402022324605171628271509787427407970",
                "325748360549732944034300747162180532004",
                "82281272682367692068585845682578917187",
                "198747049406871451145987131241229838375",
                "294513380310706942675812105694619897334"
            ]
        },
        "id": "CURL-CVE-2025-0665-f8e1c049",
        "signature_type": "Line",
        "source": "https://github.com/curl/curl.git/commit/ff5091aa9f73802e894b1cbdf24ab84e103200e2",
        "signature_version": "v1"
    }
]