Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-9j2c-vm53-wcvm

Опубликовано: 30 мар. 2023
Источник: github
Github: Не прошло ревью
CVSS3: 5.9

Описание

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.

EPSS

Процентиль: 16%
0.00053
Низкий

5.9 Medium

CVSS3

Дефекты

CWE-415

Связанные уязвимости

CVSS3: 5.9
ubuntu
больше 2 лет назад

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.

CVSS3: 5.6
redhat
больше 2 лет назад

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.

CVSS3: 5.9
nvd
больше 2 лет назад

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.

CVSS3: 5.9
msrc
больше 2 лет назад

Описание отсутствует

CVSS3: 5.9
debian
больше 2 лет назад

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS ...

EPSS

Процентиль: 16%
0.00053
Низкий

5.9 Medium

CVSS3

Дефекты

CWE-415