PT-2021-5208 · Libcurl+4

Published: 2021-09-15 · Updated: 2026-05-18 · CVE-2021-22945

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libcurl versions 7.73.0 and 7.78.0

Description

The issue is related to a boundary error when sending data to an MQTT server. This can lead to a double-free error, allowing a remote attacker to perform a denial-of-service (DoS) attack. The problem arises when libcurl erroneously keeps a pointer to an already freed memory area and uses it again in a subsequent call to send data, also freeing it again.

Recommendations

For libcurl versions 7.73.0 and 7.78.0, update to version 7.79.1 to resolve the issue.
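
One way to triage a host against the recommendation above, as an added example that is not part of the original advisory or of the curl project: it reads `curl --version` output and flags a libcurl that has MQTT built in and sits below 7.79.1. Treating 7.73.0 as the lower bound of a range, the function names, and the sample banner are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not vendor code. Reads `curl --version` output on stdin.
FIRST="7.73.0"   # lowest version the advisory names (range reading is an assumption)
FIXED="7.79.1"   # version the advisory recommends updating to

# ver_lt A B: succeed when dotted version A sorts strictly below B (numeric per field).
ver_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$lowest" = "$1" ]
}

# Exit status: 0 = update needed, 1 = no action from this advisory, 2 = unparsable.
check_curl_banner() {
    banner=$(cat)
    ver=$(printf '%s\n' "$banner" |
        sed -n 's/.*libcurl\/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n1)
    [ -n "$ver" ] || { echo "unknown: no libcurl/x.y.z token in input"; return 2; }

    # The advisory places the flaw in sending data to an MQTT server, so a
    # build without MQTT in its Protocols line is not flagged (assumption).
    protos=$(printf '%s\n' "$banner" | sed -n 's/^Protocols: *//p' | tr 'A-Z' 'a-z')
    case " $protos " in
        *" mqtt "*) ;;
        *) echo "libcurl $ver: mqtt not in Protocols, not flagged"; return 1 ;;
    esac

    if ver_lt "$ver" "$FIRST"; then
        echo "libcurl $ver: below $FIRST, outside the advisory's listed versions"; return 1
    elif ver_lt "$ver" "$FIXED"; then
        echo "libcurl $ver: MQTT enabled and below $FIXED, update"; return 0
    fi
    echo "libcurl $ver: at or above $FIXED"; return 1
}

# Constructed sample banner (not captured from a real host).
SAMPLE='curl 7.74.0 (x86_64-pc-linux-gnu) libcurl/7.74.0 OpenSSL/1.1.1k zlib/1.2.11
Release-Date: 2020-12-09
Protocols: dict file ftp ftps http https imap mqtt pop3 smtp
Features: AsynchDNS HTTPS-proxy IPv6 Largefile SSL libz'

printf '%s\n' "$SAMPLE" | check_curl_banner || true
```

On a real host, pipe `curl --version` into `check_curl_banner`; applications that link their own copy of libcurl need to be checked separately.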

Exploit

Fix

DoS

Double Free


Weakness Enumeration

Related Identifiers

ALT-PU-2021-2804
ALT-PU-2021-2856
ALT-PU-2021-2908
ALT-PU-2021-3241
ALT-PU-2021-3666
ALT-PU-2022-2171
ALT-PU-2023-1912
AZL-6368
BDU:2021-06010
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2021-22945
DSA-5197-1
MGASA-2021-0438
OESA-2021-1382
OPENSUSE-SU-2024:10582-1
USN-5079-1
USN-5079-3
USN-5079-4

Affected Products

Alt Linux
Linuxmint
Apple Macos
Ubuntu
Libcurl