A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.
bugzilla.redhat.com/show_bug.cgi?id=1388388
curl.haxx.se/docs/adv_20161102I.html