4 matches found
CVE-2026-9080
creationtimestamp| type| source ---|---|--- 2026-07-03 09:52:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpqblol6pi22 2026-07-03 21:37:01+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpriwslfl72k 2026-07-08 04:03:40+00:00| seen|...
libcurl 8.13.0 < 8.21.0 Use-After-Free in Socket Callback
The version of libcurl installed on the remote host is 8.13.0 prior to 8.21.0. It is, therefore, affected by a use-after-free vulnerability: - Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability. CVE-2026-9080 Note that Nessus has n...
curl: UAF read in mev_pollset_diff() trace path after curl_easy_pause() in socket callback
Summary: The CVE-2026-9080 fix re-fetches the shentry after the socket callback inside mevshentryupdate, because curleasypause called from that callback re-enters mevassess and can free the entry. The same re-fetch was not applied at the caller, mevpollsetdiff, which dereferences its own entry...
UBUNTU-CVE-2026-9080
Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...