A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPT_STREAM_DEPENDS or CURLOPT_STREAM_DEPENDS_E, subsequently invokes curl_easy_reset(), and finally terminates the handle with curl_easy_cleanup(). During this final cleanup phase, libcurl attempts to access and modify an internal structure that was already freed during the reset operation.
{
"priority_reason": "Upstream defined this as low severity",
"binaries": [
{
"binary_name": "curl",
"binary_version": "8.5.0-2ubuntu10.11"
},
{
"binary_name": "libcurl3t64-gnutls",
"binary_version": "8.5.0-2ubuntu10.11"
},
{
"binary_name": "libcurl4t64",
"binary_version": "8.5.0-2ubuntu10.11"
}
]
}
{
"priority_reason": "Upstream defined this as low severity",
"binaries": [
{
"binary_name": "curl",
"binary_version": "8.14.1-2ubuntu1.5"
},
{
"binary_name": "libcurl3t64-gnutls",
"binary_version": "8.14.1-2ubuntu1.5"
},
{
"binary_name": "libcurl4t64",
"binary_version": "8.14.1-2ubuntu1.5"
}
]
}
{
"priority_reason": "Upstream defined this as low severity",
"binaries": [
{
"binary_name": "curl",
"binary_version": "8.18.0-1ubuntu2.3"
},
{
"binary_name": "libcurl3t64-gnutls",
"binary_version": "8.18.0-1ubuntu2.3"
},
{
"binary_name": "libcurl4t64",
"binary_version": "8.18.0-1ubuntu2.3"
}
]
}