GHSA-wjq8-x4qm-6mmhCriticalCVSS 9.8
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream...
🔗 CVE IDs covered (1)
📋 Description
A use-after-free vulnerability exists in libcurl when an application
configures an HTTP/2 stream-dependency tree via CURLOPT_STREAM_DEPENDS or
CURLOPT_STREAM_DEPENDS_E, subsequently invokes curl_easy_reset(), and
finally terminates the handle with curl_easy_cleanup(). During this final
cleanup phase, libcurl attempts to access and modify an internal structure
that was already freed during the reset operation.