Double Free Vulnerability in libcurl <= 7.73.0 and 7.78.0 when Sending Data to MQTT Server

Double Free Vulnerability in libcurl <= 7.73.0 and 7.78.0 when Sending Data to MQTT Server

CVE-2021-22945 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

Learn more about our Cis Benchmark Audit For Server Software.