Description
A use-after-free vulnerability exists in curl versions before 8.1.0 in the libcurl feature that verifies an SSH server's public key using a SHA-256 hash. When this check fails, libcurl frees the memory holding the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message, which might be shown to users or otherwise leaked and revealed.
CVSS Metrics
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Attack Vector: network
- Complexity: low
- Privileges: none
- User Action: none
- Scope: unchanged
- Confidentiality: high
- Integrity: none
- Availability: none
- Weaknesses: CWE-416
Metadata
- Primary Vendor: HAXX
- Published: 5/26/2023
- Last Modified: 1/15/2025
- Source: NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
- haxx : curl
- apple : macos
- apple : macos
- apple : macos
- netapp : clustered_data_ontap
- netapp : ontap_antivirus_connector
- netapp : h300s_firmware
- netapp : h500s_firmware
- netapp : h700s_firmware
- netapp : h410s_firmware