curl: CVE-2026-9080: UAF after pause in socket callback
Hi all, We've found a heap-use-after-free in lib/multiev.c triggered by calling curleasypause from within a CURLMOPTSOCKETFUNCTION callback. ASAN-confirmed with the self-contained reproducer below. Affected versions: 8.13.0 – 8.20.0 current. The entry-action write line 280 has been vulnerable sin...