Calling curl_easy_pause() within the event-based CURLMOPT_SOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed.
{
"binaries": [
{
"binary_name": "curl",
"binary_version": "8.14.1-2ubuntu1.4"
},
{
"binary_name": "libcurl3t64-gnutls",
"binary_version": "8.14.1-2ubuntu1.4"
},
{
"binary_name": "libcurl4t64",
"binary_version": "8.14.1-2ubuntu1.4"
}
],
"priority_reason": "Upstream defined this as low severity"
}
{
"binaries": [
{
"binary_name": "curl",
"binary_version": "8.18.0-1ubuntu2.2"
},
{
"binary_name": "libcurl3t64-gnutls",
"binary_version": "8.18.0-1ubuntu2.2"
},
{
"binary_name": "libcurl4t64",
"binary_version": "8.18.0-1ubuntu2.2"
}
],
"priority_reason": "Upstream defined this as low severity"
}