curl · CVE-2022-43552
**Name of the Vulnerable Software and Affected Versions**
curl versions prior to 7.87.0
**Description**
A use-after-free vulnerability exists in curl. It is triggered when curl is asked to tunnel virtually any of the protocols it supports through an HTTP proxy and the proxy denies the tunnel for a specific protocol such as SMB or TELNET. In the transfer shutdown code path, curl then uses a heap-allocated struct after it has already been freed. A remote attacker can exploit this to cause a denial of service.
**Recommendations**
For versions prior to 7.87.0, update to 7.87.0 or later, which fixes the issue. As a temporary workaround, avoid routing SMB or TELNET transfers through HTTP proxies that deny tunnel operations for those protocols, and do not use curl to tunnel these protocols through an HTTP proxy until the update has been applied.
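A small inventory check for the upgrade recommendation above, added here as an example and not part of the curl project: it parses the first line of `curl --version` output and reports whether the build predates the fixed release 7.87.0. Pre-release suffixes (for example `-DEV`) are ignored and treated as the base version, and the banner strings in the `__main__` block are constructed samples.

```python
"""Report whether a curl build is affected by CVE-2022-43552 (fixed in 7.87.0).

Hypothetical helper, not curl's own code. It parses the first line of
`curl --version` output and compares the version against the fixed release.
"""
import re
import subprocess
from typing import Optional, Tuple

FIXED_VERSION: Tuple[int, int, int] = (7, 87, 0)  # first fixed release per the advisory
_VERSION_RE = re.compile(r"^curl (\d+)\.(\d+)(?:\.(\d+))?")


def parse_curl_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from the first line of `curl --version`.

    Returns None if the line does not look like curl output. A suffix such as
    '-DEV' is ignored, so '7.87.0-DEV' is treated as 7.87.0.
    """
    m = _VERSION_RE.match(banner.strip())
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_affected(version: Tuple[int, int, int]) -> bool:
    """True for every release before 7.87.0 (use-after-free in proxy tunnel shutdown)."""
    return version < FIXED_VERSION


def check_installed_curl(binary: str = "curl") -> Optional[bool]:
    """Run the local curl binary; True/False if affected, None if it cannot be determined."""
    try:
        out = subprocess.run([binary, "--version"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return None
    version = parse_curl_version(out.splitlines()[0] if out else "")
    return None if version is None else is_affected(version)


if __name__ == "__main__":
    # Constructed sample banners so the check can be exercised offline.
    samples = [
        "curl 7.86.0 (x86_64-pc-linux-gnu) libcurl/7.86.0 OpenSSL/3.0.7",
        "curl 7.87.0 (x86_64-pc-linux-gnu) libcurl/7.87.0 OpenSSL/3.0.7",
        "curl 8.1.2 (aarch64-apple-darwin) libcurl/8.1.2 LibreSSL/3.3.6",
    ]
    for banner in samples:
        v = parse_curl_version(banner)
        print(banner.split()[1], "AFFECTED" if v and is_affected(v) else "not affected")
    print("local curl affected:", check_installed_curl())
```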