4 matches found
EUVD-2026-41511
Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...
CVE-2026-9080
CVE-2026-9080 is a use-after-free in libcurl triggered when curl_easy_pause() is called from the event-based CURLMOPT_SOCKETFUNCTION callback. The underlying issue is a freed mev_sh_entry pointer being used to update tracing fields, potentially allowing DoS or code execution paths. Affected softw...
libcurl 8.13.0 < 8.21.0 Use-After-Free in Socket Callback
The version of libcurl installed on the remote host is 8.13.0 prior to 8.21.0. It is, therefore, affected by a use-after-free vulnerability: - Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability. CVE-2026-9080 Note that Nessus has n...
CURL-CVE-2026-9080 UAF after pause in socket callback
Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...