Published: 23/09/2021 Updated: 27/03/2024

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

A use-after-free security issue has been found in the MQTT sending component of curl prior to 7.79.0. When sending data to an MQTT server, libcurl could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again.

Vulnerable Product	Search on Vulmon	Subscribe to Product
haxx libcurl
fedoraproject fedora 33
fedoraproject fedora 35
netapp cloud backup -
netapp clustered data ontap -
oracle mysql server
netapp h300s_firmware -
netapp h500s_firmware -
netapp h700s_firmware -
netapp h300e_firmware -
netapp h500e_firmware -
netapp h700e_firmware -
netapp h410s_firmware -
netapp solidfire_baseboard_management_controller_firmware -
apple macos
siemens sinec ins
debian debian linux 11.0
splunk universal forwarder 9.1.0
splunk universal forwarder

Multiple security vulnerabilities have been discovered in cURL, an URL transfer library These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack For the stable distribution (bullseye), these problems have been fixed in version 7740-13+deb11u2 We ...

A flaw was found in libcurl When sending data to an MQTT server could in some situations lead to libcurl using already freed memory and then try to free it again The highest threat from this vulnerability is to data confidentiality as well as system availability (CVE-2021-22945) A flaw was found in curl This flaw lies in the --ssl-reqd option o ...

A use-after-free security issue has been found in the MQTT sending component of curl before 7790 When sending data to an MQTT server, libcurl could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again ...

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page Apple security documents reference vulnerabilities by CVE-ID&nbsp ...

Critical Infrastructure Sectors: Critical Manufacturing

Critical Infrastructure Sectors: Energy

Demonstrating the Trivy Operator and its capabilities

Automatic security and config scan by Trivy This lab uses the Trivy operator to on-the-fly scan workloads that's applied to the cluster The reports are properly placed in the ownership hierarchy so that the Kubernetes scheduler and garbage collector will clean up and keep the data up to date Preparation Bootstrap a new kubernetes lab cluster with Kind cat <&lt

CWE-415 https://hackerone.com/reports/1269242 https://www.oracle.com/security-alerts/cpuoct2021.html https://security.netapp.com/advisory/ntap-20211029-0003/https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://support.apple.com/kb/HT213183 http://seclists.org/fulldisclosure/2022/Mar/29 https://www.debian.org/security/2022/dsa-5197 https://security.gentoo.org/glsa/202212-01 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/https://nvd.nist.gov https://www.debian.org/security/2022/dsa-5197 https://github.com/emilkje/trivy-operator-lab https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09 https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10 https://security.archlinux.org/CVE-2021-22945

CVE-2021-22945

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect