CVE-2021-22945

high-risk

Published 2021-09-23

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

Do I need to act?

0.35% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.1/10 Critical

NETWORK / LOW complexity

Affected Products (19)

Libcurl

Fedora

Cloud Backup

Clustered Data Ontap

Mysql Server

H300S Firmware

H500S Firmware

H700S Firmware

H300E Firmware

H500E Firmware

H700E Firmware

H410S Firmware

Solidfire Baseboard Management Controller Firmware

Macos

Sinec Ins

Debian Linux

Universal Forwarder

Affected Vendors

Debian Apple Oracle Siemens Haxx Fedoraproject Netapp Splunk

References (20)

Mailing List http://seclists.org/fulldisclosure/2022/Mar/29

Patch https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Exploit https://hackerone.com/reports/1269242

Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Third Party Advisory https://security.gentoo.org/glsa/202212-01

Third Party Advisory https://security.netapp.com/advisory/ntap-20211029-0003/

Third Party Advisory https://support.apple.com/kb/HT213183

Third Party Advisory https://www.debian.org/security/2022/dsa-5197

Patch https://www.oracle.com/security-alerts/cpuoct2021.html