CVE-2021-22945 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | A use-after-free security issue has been found in the MQTT sending component of curl before 7.79.0. When sending data to an MQTT server, libcurl could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2389 | lib32-libcurl-gnutls | 7.78.0-1 | 7.79.0-1 | High | Fixed | |
| AVG-2388 | libcurl-gnutls | 7.78.0-1 | 7.79.0-1 | High | Fixed | |
| AVG-2387 | lib32-libcurl-compat | 7.78.0-1 | 7.79.0-1 | High | Fixed | |
| AVG-2386 | libcurl-compat | 7.78.0-1 | 7.79.0-1 | High | Fixed | |
| AVG-2385 | lib32-curl | 7.78.0-1 | 7.79.0-1 | High | Fixed | |
| AVG-2384 | curl | 7.78.0-1 | 7.79.0-1 | High | Fixed |
| References |
|---|
https://curl.se/docs/CVE-2021-22945.html https://github.com/curl/curl/commit/43157490a5054bd |