libcurl before version 7.77.0 can be tricked into using already freed memory when a new TLS session is negotiated or a client certificate is requested on an existing connection. For example, this can happen when a TLS server requests a client certificate on a connection that was established without one. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. The flaw can only happen in libcurl built to use OpenSSL.
libcurl before version 7.77.0 can be tricked into using already freed memory when a new TLS session is negotiated or a client certificate is requested on an existing connection. For example, this can happen when a TLS server requests a client certificate on a connection that was established without one. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. The flaw can only happen in libcurl built to use OpenSSL.
https://curl.se/docs/CVE-2021-22901.html https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479