Lucene search
+L

8 matches found

RedhatCVE
RedhatCVE
added 2026/07/08 7:27 p.m.5 views

CVE-2026-10536

A flaw was found in libcurl. This use-after-free vulnerability occurs when an application configures an HTTP/2 stream-dependency tree and then performs a sequence of operations involving curleasyreset and curleasycleanup. During the final cleanup, libcurl attempts to access memory that has alread...

9.8CVSS5.8AI score0.00891EPSS
Exploits1References6
Microsoft CVE
Microsoft CVE
added 2026/07/04 8:7 a.m.3 views

HTTP/2 stream-dependency tree UAF

...

9.8CVSS6.1AI score0.00891EPSS
Exploits1
NVD
NVD
added 2026/07/03 7:16 a.m.10 views

CVE-2026-10536

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

9.8CVSS0.00891EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:11 a.m.33 views

CVE-2026-10536

CVE-2026-10536 describes a use-after-free in libcurl when an application builds an HTTP/2 stream-dependency tree with CURLOPT_STREAM_DEPENDS/CURLOPT_STREAM_DEPENDS_E, then calls curl_easy_reset() and ends with curl_easy_cleanup(). During final cleanup libcurl may access/modify an internal structu...

9.8CVSS6AI score0.00891EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.19 views

libcurl 7.88.0 < 8.21.0 HTTP/2 Stream-Dependency Tree Use-After-Free

The version of libcurl installed on the remote host is 7.88.0 prior to 8.21.0. It is, therefore, affected by a use-after-free vulnerability: - A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree and subsequently invokes curleasyreset...

9.8CVSS6AI score0.00891EPSS
Exploits1References2
OSV
OSV
added 2026/06/24 8:0 a.m.17 views

CURL-CVE-2026-10536 HTTP/2 stream-dependency tree UAF

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

9.8CVSS5.9AI score0.00891EPSS
Exploits1
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.8 views

HTTP/2 stream-dependency tree UAF

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

9.8CVSS5.9AI score0.00891EPSS
Exploits1References1Affected Software2
Hacker One
Hacker One
added 2025/05/04 4:56 a.m.1004 views

curl: HTTP/3 Stream Dependency Cycle Exploit

Penetration Testing Report: HTTP/3 Stream Dependency Cycle Exploit --- 0x00 Overview A novel exploit leveraging stream dependency cycles in the HTTP/3 protocol stack was discovered, resulting in memory corruption and potential denial-of-service or remote code execution scenarios when used against...

8.3AI score
Exploits0
Rows per page
Query Builder