CVE-2016-5421

Name of the Vulnerable Software and Affected Versions libcurl versions prior to 7.50.1

Description A use-after-free issue exists in libcurl, allowing attackers to potentially control which connection is used or have other unspecified impacts. This issue arises when an application uses libcurl's multi interface and an easy handle is added to a multi handle. If curl multi cleanup() is called with an easy handle still added to it, a pointer to a freed connection struct can be left dangling in the easy handle. If the easy handle is then used again with curl easy perform(), it can blindly use the connection struct pointer now pointing to freed memory, potentially leading to unintended actions. This flaw can be exploited by an application allocating its own fake version of the connection struct and filling in data, causing curl easy perform() to perform unintended actions.

Recommendations For libcurl versions prior to 7.50.1, update to version 7.50.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of curl multi cleanup() with an easy handle still added to a multi handle, and ensure that easy handles are properly closed after use to minimize the risk of exploitation. Restrict access to the curl easy perform() function to prevent unintended actions until the issue is resolved.