A heap use-after-free flaw was found in curl versions from 7.59.0 up to and including 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
haxx curl |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 18.10 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 18.04 |