CVE-2026-3805

Опубликовано: 11 мар. 2026

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.

Ссылки

https://curl.se/docs/CVE-2026-3805.html
Patch
Vendor Advisory
https://curl.se/docs/CVE-2026-3805.json
Vendor Advisory
https://hackerone.com/reports/3591944
Exploit
Issue Tracking
Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/03/11/4
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Версия от 8.13.0 (включая) до 8.19.0 (исключая)

EPSS

Процентиль: 12%

0.00039

Низкий

7.5 High

CVSS3

Дефекты

CWE-416

Связанные уязвимости

CVE-2026-3805

CVSS3: 7.5

ubuntu

15 дней назад

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.

CVE-2026-3805

CVSS3: 6.3

redhat

15 дней назад

A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.

CVE-2026-3805

msrc

13 дней назад

use after free in SMB connection reuse

CVE-2026-3805

CVSS3: 7.5

debian

15 дней назад

When doing a second SMB request to the same host again, curl would wro ...

GHSA-2289-hhfc-p684

CVSS3: 7.5

github

15 дней назад

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.

EPSS

Процентиль: 12%

0.00039

Низкий

7.5 High

CVSS3

Дефекты

CWE-416