12 matches found
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2026-1699)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1699 advisory. When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. CVE-2026-3805 Tenable has extracted the preceding description block...
Medium: curl
Issue Overview: When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. CVE-2026-3805 Affected Packages: curl Issue Correction: Run dnf update curl --releasever 2023.11.20260514 or dnf update --advisory ALAS2023-2026-1699...
SUSE: Security Advisory (SUSE-SU-2026:20918-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
curl-8.19.0-1.1 on GA media (moderate)
curl-8.19.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10371-1 Rating: moderate Cross-References: CVE-2026-1965 CVE-2026-3783 CVE-2026-3784 CVE-2026-3805 CVSS scores: CVE-2026-1965 SUSE : 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N CVE-2026-1965 SUSE : 6.9...
Curl 8.13.0 < 8.19.0 Use After Free in SMB Connection
The version of curl installed on the remote host is 8.13.0 prior to 8.19.0 . It is, therefore, affected by a use after free in SMB connection vulnerability: - When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...
BELL-CVE-2026-3805
Bulletin has no description...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : curl vulnerabilities (USN-8084-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8084-1 advisory. Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate- authenticated HTTP or HTTPS requests...
CVE-2026-3805
A flaw was found in curl. When handling a second Server Message Block SMB request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or...
CVE-2026-3805
CVE-2026-3805 describes a heap-use-after-free in curl’s SMB connection reuse. During needle-based connection reuse, curl sets req->path to point inside the connection-owned smbc->share memory. When the needle is freed, smbc->share is freed as well, but req->path on the easy handle rem...
CVE-2026-3805 use after free in SMB connection reuse
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...
CURL-CVE-2026-3805 use after free in SMB connection reuse
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...
Linux Distros Unpatched Vulnerability : CVE-2026-3805
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. CVE-2026-3805 Note that Nessus...