When sending data to an MQTT server, libcurl could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
Created curl tracking bugs for this issue:
Affects: fedora-all [bug 2004362]
Marking dotnetv3.1 as NOT affected and closing its tracker as it uses curl v7.61 that isn't affected by this CVE.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):