Lucene search
K

17 matches found

CVE
CVE
added 2026/07/03 6:17 a.m.25 views

CVE-2026-9080

CVE-2026-9080 is a use-after-free in libcurl triggered when curl_easy_pause() is called from the event-based CURLMOPT_SOCKETFUNCTION callback. The underlying issue is a freed mev_sh_entry pointer being used to update tracing fields, potentially allowing DoS or code execution paths. Affected softw...

7.3CVSS5.9AI score0.00494EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/07/03 6:17 a.m.9 views

EUVD-2026-41511

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

5.9AI score0.00494EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/03 6:17 a.m.43 views

CVE-2026-9080 UAF after pause in socket callback

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

0.00494EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.12 views

libcurl 8.13.0 < 8.21.0 Use-After-Free in Socket Callback

The version of libcurl installed on the remote host is 8.13.0 prior to 8.21.0. It is, therefore, affected by a use-after-free vulnerability: - Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability. CVE-2026-9080 Note that Nessus has n...

7.3CVSS6AI score0.00494EPSS
Exploits1References2
Hacker One
Hacker One
added 2026/06/25 12:17 p.m.20 views

curl: UAF read in mev_pollset_diff() trace path after curl_easy_pause() in socket callback

Summary: The CVE-2026-9080 fix re-fetches the shentry after the socket callback inside mevshentryupdate, because curleasypause called from that callback re-enters mevassess and can free the entry. The same re-fetch was not applied at the caller, mevpollsetdiff, which dereferences its own entry...

7.3CVSS5.8AI score0.00494EPSS
Exploits1
Hacker One
Hacker One
added 2026/06/25 7:56 a.m.14 views

curl: Use-after-free in `mev_forget_socket` when `curl_easy_pause()` is called from a `CURL_POLL_REMOVE` socket callback (incomplete fix of CVE-2026-9080)

Summary libcurl's event interface lets the application's socket callback CURLMOPTSOCKETFUNCTION call curleasypause. CVE-2026-9080 was issued for a use-after-free that this triggers, and the fix added a post-callback re-fetch of the socket-hash entry in the UPDATE leg mevshentryupdate,...

7.3CVSS5.8AI score0.00494EPSS
Exploits1
OSV
OSV
added 2026/06/24 2:0 p.m.4 views

UBUNTU-CVE-2026-9080

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

7.3CVSS5.7AI score0.00494EPSS
Exploits1References4
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.14 views

UAF after pause in socket callback

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

7.3CVSS5.7AI score0.00494EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2026/06/24 8:0 a.m.7 views

CURL-CVE-2026-9080 UAF after pause in socket callback

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

7.3CVSS5.7AI score0.00494EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:5 a.m.9 views

Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()

...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/27 12:17 p.m.45 views

CVE-2026-45918 ovpn: tcp - don't deref NULL sk_socket member after tcp_close()

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - don't deref NULL sksocket member after tcpclose When deleting a peer in case of keepalive expiration, the peer is removed from the OpenVPN hashtable and is temporary inserted in a "release list" for further processing...

0.00163EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/26 5:16 p.m.15 views

CVE-2026-45836

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsockgetsndtimeocb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

5.7AI score0.00122EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.21 views

PT-2026-43302

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A null pointer dereference exists in the Bluetooth L2CAP component. This occurs within the l2cap sock state change cb...

9.8CVSS5.8AI score0.03663EPSS
Exploits17References284
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.12 views

PT-2026-43304

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL-pointer dereference exists in the Bluetooth L2CAP subsystem, specifically within the l2cap sock get sndtimeo cb function. This issue can lead to kernel crashes and a denial of...

9.8CVSS5.8AI score0.03663EPSS
Exploits17References286
Hacker One
Hacker One
added 2026/05/19 10:4 p.m.8 views

curl: CVE-2026-9080: UAF after pause in socket callback

Hi all, We've found a heap-use-after-free in lib/multiev.c triggered by calling curleasypause from within a CURLMOPTSOCKETFUNCTION callback. ASAN-confirmed with the self-contained reproducer below. Affected versions: 8.13.0 – 8.20.0 current. The entry-action write line 280 has been vulnerable sin...

7.3CVSS5.7AI score0.00494EPSS
Exploits1
SUSE Linux
SUSE Linux
added 2025/04/02 3:3 p.m.0 views

Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005573 fixes one issue. The following security issue was fixed: CVE-2024-41062: Sync sock recv cb and release bsc1228578. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

7.3CVSS7.7AI score0.00212EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.2 views

kernel: scsi: target: iscsi: Fix a race condition between login_work and the login thread

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix a race condition between loginwork and the login thread In case a malicious initiator sends some random data immediately after a login PDU; the iscsitargetskdataready callback will schedule the loginwork...

4.7CVSS6.7AI score0.00103EPSS
Exploits0References5
Rows per page
Query Builder