CURL-CVE-2026-8925

Source
https://curl.se/docs/CVE-2026-8925.html
Import Source
https://curl.se/docs/CURL-CVE-2026-8925.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2026-8925
Aliases
  • CVE-2026-8925
Published
2026-06-24T08:00:00Z
Modified
2026-06-24T14:05:44.665931Z
Summary
SASL double-free
Details

The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free() the same pointer twice.

Database specific
{
    "affects": "both",
    "package": "curl",
    "CWE": {
        "desc": "Double Free",
        "id": "CWE-415"
    },
    "www": "https://curl.se/docs/CVE-2026-8925.html",
    "URL": "https://curl.se/docs/CVE-2026-8925.json",
    "issue": "https://hackerone.com/reports/3735193",
    "last_affected": "8.20.0",
    "severity": "Medium"
}
References
Credits
    • Joshua Rogers (Aisle Research) - FINDER
    • Viktor Szakats - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
8.15.0
Fixed
8.21.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

8.*
8.15.0
8.16.0
8.17.0
8.18.0
8.19.0
8.20.0
Other
curl-8_15_0
curl-8_16_0
curl-8_17_0
curl-8_18_0
curl-8_19_0
curl-8_20_0
rc-8_18_0-1
rc-8_18_0-2
rc-8_18_0-3
rc-8_19_0-1
rc-8_19_0-2
rc-8_19_0-3
rc-8_20_0-1
rc-8_20_0-2
rc-8_20_0-3

Database specific

vanir_signatures
[
    {
        "signature_type": "Function",
        "source": "https://github.com/curl/curl.git/commit/3da249e1f0716c06644ed3522a37a8bf81808012",
        "signature_version": "v1",
        "target": {
            "file": "lib/vauth/gsasl.c",
            "function": "Curl_auth_gsasl_is_supported"
        },
        "id": "CURL-CVE-2026-8925-2119fa0c",
        "deprecated": false,
        "digest": {
            "function_hash": "302084604714407525692251374694272900329",
            "length": 369.0
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/curl/curl.git/commit/3da249e1f0716c06644ed3522a37a8bf81808012",
        "signature_version": "v1",
        "target": {
            "file": "lib/vauth/gsasl.c"
        },
        "id": "CURL-CVE-2026-8925-3f7f0884",
        "deprecated": false,
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        }
    }
]
source
"https://curl.se/docs/CURL-CVE-2026-8925.json"
vanir_signatures_modified
"2026-06-24T14:05:44Z"