Curl · Curl · CVE-2023-28319
**Name of the Vulnerable Software and Affected Versions**
curl versions prior to 8.1.0
**Description**
A use-after-free vulnerability exists in the way libcurl verifies an SSH server's public key using a SHA-256 hash. When this check fails, libcurl frees the memory holding the fingerprint and then returns an error message that references the now-freed hash. This flaw risks inserting sensitive heap data into the error message, which might be shown to users or otherwise leaked and revealed.
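The ordering bug described above, as an added illustration that is not curl's own code: a base64 fingerprint buffer is compared against the expected value, and on mismatch an error message quoting the actual fingerprint is built. The vulnerable variant frees the buffer before formatting the message; the fixed variant formats first and frees afterwards. The function names, the stand-in fingerprint helper and the message text are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not libcurl source. Models the SHA-256 host key
 * fingerprint check: a heap buffer holds the fingerprint, and on mismatch
 * an error message quoting that buffer is produced. */

#define ERRBUF_LEN 256

/* Hypothetical stand-in for "hash the host key and base64-encode it".
 * It only copies the input so the example runs offline; the caller owns
 * and must free the returned heap buffer, as with the real fingerprint. */
static char *compute_fingerprint_b64(const char *hostkey)
{
    size_t n = strlen(hostkey);
    char *out = malloc(n + 1);
    if (!out)
        return NULL;
    memcpy(out, hostkey, n + 1);
    return out;
}

/* Vulnerable ordering, kept for contrast only and never called here:
 * the buffer is released and then handed to the message formatter, so
 * whatever the allocator has since placed in that memory ends up in the
 * error text. This is the pattern the advisory describes. */
static int check_fingerprint_vulnerable(const char *hostkey,
                                        const char *expected, char *errbuf)
{
    char *fp = compute_fingerprint_b64(hostkey);
    if (!fp)
        return -1;
    if (strcmp(fp, expected) == 0) {
        free(fp);
        return 0;
    }
    free(fp);                          /* freed here ...                */
    snprintf(errbuf, ERRBUF_LEN,
             "sha256 fingerprint mismatch: remote %s is not equal to %s",
             fp, expected);            /* ... and read here: use-after-free */
    return 1;
}

/* Fixed ordering: build the message while the buffer is still valid,
 * then free it exactly once on every path and clear the pointer. */
static int check_fingerprint_fixed(const char *hostkey,
                                   const char *expected, char *errbuf)
{
    int rc = 0;
    char *fp = compute_fingerprint_b64(hostkey);
    if (!fp)
        return -1;
    if (strcmp(fp, expected) != 0) {
        snprintf(errbuf, ERRBUF_LEN,
                 "sha256 fingerprint mismatch: remote %s is not equal to %s",
                 fp, expected);        /* fp still owned and valid */
        rc = 1;
    }
    free(fp);
    fp = NULL;
    return rc;
}

int main(void)
{
    char errbuf[ERRBUF_LEN] = {0};
    /* Constructed sample values standing in for base64 SHA-256 fingerprints. */
    int rc = check_fingerprint_fixed("sha256fp-actual", "sha256fp-expected", errbuf);
    printf("rc=%d msg=%s\n", rc, errbuf);
    (void)check_fingerprint_vulnerable; /* deliberately not executed */
    return 0;
}
```

Building this with `-fsanitize=address` and calling the vulnerable variant would produce a heap-use-after-free report at the `snprintf` line, which is the practical way to catch this class of ordering bug in a test suite; the fixed variant produces the same message without touching freed memory.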
**Recommendations**
For versions prior to 8.1.0, update to version 8.1.0 or later to resolve the issue. As a temporary workaround, consider disabling SSH server public key verification using a SHA-256 hash until a patch is available. Restrict access to sensitive information that may be leaked through this flaw to minimize the risk of exploitation.