CVE-2021-22945

Updated: 2024-03-27 21:20:38.982584

Description:

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 5.8
CVSS Version 3.x CRITICAL 9.1

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU curl 7.76.1 9.1 CRITICAL Not Vulnerable 2023-11-08 08:36:05
CentOS 6 ELS mysql 5.1.73 9.1 CRITICAL Not Vulnerable 2022-07-18 17:02:16
CentOS 6 ELS curl 7.19.7 9.1 CRITICAL Not Vulnerable 2022-04-15 12:59:25
CentOS 8.4 ELS mysql 8.0.26 9.1 CRITICAL Not Vulnerable 2022-04-15 12:59:39
CentOS 8.5 ELS mysql 8.0.26 9.1 CRITICAL Not Vulnerable 2022-04-15 12:59:39
CloudLinux 6 ELS mysql 5.1.73 9.1 CRITICAL Not Vulnerable 2022-07-18 17:02:16
CloudLinux 6 ELS curl 7.19.7 9.1 CRITICAL Not Vulnerable 2022-04-15 12:59:25
Oracle Linux 6 ELS mysql 5.1.73 9.1 CRITICAL Not Vulnerable 2022-07-18 17:02:16
Oracle Linux 6 ELS curl 7.19.7 9.1 CRITICAL Not Vulnerable 2022-04-15 12:59:25
Ubuntu 16.04 ELS mysql-5.7 5.7.33-0 9.1 CRITICAL Not Vulnerable 2022-04-15 12:59:39
Total: 12