Libcurl · CVE-2022-32221
**Name of the Vulnerable Software and Affected Versions**
libcurl versions prior to 7.86.0
**Description**
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a `PUT` to a `POST`.
**Recommendations**
Update to libcurl version 7.86.0 or later to resolve the issue.
As a temporary workaround, consider disabling the `CURLOPT_READFUNCTION` callback when switching from a `PUT` to a `POST` request to minimize the risk of exploitation.
Restrict access to the `CURLOPT_READFUNCTION` callback to prevent unauthorized use.
Avoid reusing handles for different types of requests to prevent confusion between `PUT` and `POST` requests.
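
To locate call sites that match the handle-reuse pattern described above, the following added example (not code from libcurl or from this advisory) lexically scans C source for a handle that receives `CURLOPT_POSTFIELDS` after PUT-related options with no reset in between. Treating `CURLOPT_UPLOAD`, `CURLOPT_PUT` and `CURLOPT_READFUNCTION` as PUT markers, and `curl_easy_reset()` or a fresh `curl_easy_init()` as clearing them, are assumptions of this heuristic; the sample source is constructed.

```python
import re

# Heuristic assumptions (not libcurl's own logic): these options mark a handle
# as having been set up for a PUT/upload that may use the read callback.
PUT_MARKERS = {"CURLOPT_UPLOAD", "CURLOPT_PUT", "CURLOPT_READFUNCTION"}

SETOPT = re.compile(r"curl_easy_setopt\s*\(\s*(\w+)\s*,\s*(CURLOPT_\w+)")
# curl_easy_reset(h) or h = curl_easy_init() gives the variable a clean option set.
FRESH = re.compile(r"curl_easy_reset\s*\(\s*(\w+)|(\w+)\s*=\s*curl_easy_init\s*\(")


def find_put_then_postfields(source):
    """Return (postfields_line, handle, first_put_marker_line) tuples for handles
    that get CURLOPT_POSTFIELDS after a PUT marker with no reset in between."""
    put_seen = {}  # handle variable name -> line of its first PUT marker
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in FRESH.finditer(line):
            put_seen.pop(m.group(1) or m.group(2), None)
        for handle, opt in SETOPT.findall(line):
            if opt in PUT_MARKERS:
                put_seen.setdefault(handle, lineno)
            elif opt == "CURLOPT_POSTFIELDS" and handle in put_seen:
                findings.append((lineno, handle, put_seen[handle]))
    return findings


# Constructed sample input: h is reused PUT -> POST, then reset; g is a fresh handle.
SAMPLE = """\
CURL *h = curl_easy_init();
curl_easy_setopt(h, CURLOPT_UPLOAD, 1L);
curl_easy_setopt(h, CURLOPT_READFUNCTION, read_cb);
curl_easy_perform(h);
curl_easy_setopt(h, CURLOPT_POSTFIELDS, "a=1");
curl_easy_perform(h);
curl_easy_reset(h);
curl_easy_setopt(h, CURLOPT_POSTFIELDS, "b=2");
CURL *g = curl_easy_init();
curl_easy_setopt(g, CURLOPT_POSTFIELDS, "c=3");
"""

if __name__ == "__main__":
    for post_line, handle, put_line in find_put_then_postfields(SAMPLE):
        print(f"line {post_line}: CURLOPT_POSTFIELDS on '{handle}' after PUT "
              f"options (line {put_line}); review for CVE-2022-32221")
```

The scan is per file and by variable name only, so handles passed between functions or aliased under another name need manual review.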