Related Vulnerabilities: CVE-2021-22901  

Severity: High

Remote: Yes

Type: Arbitrary code execution

Description

libcurl before version 7.77.0 can be tricked into using already freed memory when a new TLS session is negotiated or a client certificate is requested on an existing connection. For example, this can happen when a TLS server requests a client certificate on a connection that was established without one. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. The flaw can only happen in libcurl built to use OpenSSL.
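A triage check for the two conditions named in the description (libcurl older than 7.77.0, built to use OpenSSL), as an added example that is not part of the advisory or of curl itself. It classifies the first line of `curl --version`; the function names, result labels and sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a libcurl build against CVE-2021-22901 using the
# two conditions stated on this page (version < 7.77.0, OpenSSL backend).

FIXED_IN=7.77.0   # first fixed release, per the advisory text

# Succeeds when dotted version $1 is numerically lower than $2.
# The body runs in a subshell so the IFS change does not leak.
version_lt() (
    IFS=.
    set -- $1 $2
    if [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ]
    elif [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ]
    else [ "$3" -lt "$6" ]
    fi
)

# $1: first line of `curl --version`.
# Prints: affected | fixed-version | other-tls-backend | unknown
classify_libcurl() {
    banner=$1
    ver=$(printf '%s\n' "$banner" |
        sed -n 's|.*libcurl/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p')
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    case $banner in
        *OpenSSL/*) ;;                        # flaw needs the OpenSSL backend
        *) echo other-tls-backend; return 0 ;;
    esac
    if version_lt "$ver" "$FIXED_IN"; then
        echo affected
    else
        echo fixed-version
    fi
}

# Constructed sample banner, used only when no curl binary is installed.
sample='curl 7.76.1 (x86_64-pc-linux-gnu) libcurl/7.76.1 OpenSSL/1.1.1k zlib/1.2.11'
if command -v curl >/dev/null 2>&1; then
    first_line=$(curl --version | head -n 1)
else
    first_line=$sample
fi
classify_libcurl "$first_line"
```

`curl --version` describes only the libcurl that the `curl` tool is linked against, and a distribution package may carry a backported fix, so treat `affected` as a prompt to compare the installed package version with the advisory.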

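| Group | Package | Affected | Severity | Status |
|-------|---------|----------|----------|--------|
| AVG-1998 | lib32-libcurl-compat | 7.76.1-1 | High | Vulnerable |
| AVG-1997 | libcurl-compat | 7.76.1-1 | High | Vulnerable |
| AVG-1996 | lib32-curl | 7.76.1-1 | High | Vulnerable |
| AVG-1995 | curl | 7.76.1-1 | High | Vulnerable |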

https://curl.se/docs/CVE-2021-22901.html
https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479