Bug 2001527 (CVE-2021-22945)
Summary: | CVE-2021-22945 curl: use-after-free and double-free in MQTT sending | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | amctagga, andrew.slice, anharris, bdettelb, bniver, bodavis, caswilli, csutherl, dbhole, fjansen, flucifre, gkamathe, gmeno, gzaronik, hhorak, hvyas, jclere, jorton, jwong, jwon, kanderso, kaycoth, kdudka, krathod, luhliari, lvaleeva, mbenjamin, mhackett, msekleta, mturk, omajid, paul, pjindal, psegedy, rwagner, security-response-team, sostapov, svashisht, szappis, vereddy, vmugicag |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | curl-7.79.0 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in libcurl. Sending data to an MQTT server could, in some situations, lead to libcurl using already freed memory and then trying to free it again. The highest threat from this vulnerability is to data confidentiality as well as system availability.
|
Last Closed: | 2022-05-17 13:16:53 UTC | Type: | --- |
Bug Depends On: | 2001541, 2004362, 2004647 | ||
Bug Blocks: | 2001529 |
Description
Dhananjay Arunesh
2021-09-06 10:02:37 UTC
Created curl tracking bugs for this issue:
Affects: fedora-all [bug 2004362]

Marking dotnetv3.1 as NOT affected and closing its tracker as it uses curl v7.61 that isn't affected by this CVE.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2021-22945