exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2021-22945

Status Candidate

Overview

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

Related Files

Gentoo Linux Security Advisory 202212-01
Posted Dec 19, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202212-1 - Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Versions less than 7.86.0 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-22922, CVE-2021-22923, CVE-2021-22925, CVE-2021-22926, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781
SHA-256 | e297fe6f1bca3eb09660ab5922cdfac1c9a3279734e9e89e74cc758a3e08ac46
Debian Security Advisory 5197-1
Posted Aug 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5197-1 - Multiple security vulnerabilities have been discovered in cURL, an URL transfer library. These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.

tags | advisory, remote, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2021-22898, CVE-2021-22924, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27781, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207
SHA-256 | 77ef9f5619851e18009af5092abdfe753f0a668e45b9771f079b64a5b7aa8eca
Apple Security Advisory 2022-03-14-4
Posted Mar 15, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-03-14-4 - macOS Monterey 12.3 addresses buffer overflow, bypass, code execution, denial of service, null pointer, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2021-30918, CVE-2021-36976, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-4192, CVE-2021-4193, CVE-2021-46059, CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-22582, CVE-2022-22597, CVE-2022-22599, CVE-2022-22600, CVE-2022-22609, CVE-2022-22610, CVE-2022-22611, CVE-2022-22612, CVE-2022-22613, CVE-2022-22614, CVE-2022-22615, CVE-2022-22616
SHA-256 | b1fc63b333f7de2af86c93eb24f76f251c983c5e8e7dd47bf132df37097eff6a
Ubuntu Security Notice USN-5079-3
Posted Sep 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5079-3 - USN-5079-1 fixed vulnerabilities in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem. It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-22945, CVE-2021-22946, CVE-2021-22947
SHA-256 | 0ed5cbb6171e4f59bf66a7fec9639c782a0a1b53c8e5cbbf6e468d1dda90bf96
Ubuntu Security Notice USN-5079-1
Posted Sep 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5079-1 - It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-22945, CVE-2021-22946, CVE-2021-22947
SHA-256 | 33a734d871c8bed97d25050dd5bf6ab7df0fb69274d554d1083bd6cb8dc39da0
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close