8 matches found
CVE-2026-10536
A flaw was found in libcurl. This use-after-free vulnerability occurs when an application configures an HTTP/2 stream-dependency tree and then performs a sequence of operations involving curleasyreset and curleasycleanup. During the final cleanup, libcurl attempts to access memory that has alread...
HTTP/2 stream-dependency tree UAF
...
CVE-2026-10536
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...
CVE-2026-10536
CVE-2026-10536 describes a use-after-free in libcurl when an application builds an HTTP/2 stream-dependency tree with CURLOPT_STREAM_DEPENDS/CURLOPT_STREAM_DEPENDS_E, then calls curl_easy_reset() and ends with curl_easy_cleanup(). During final cleanup libcurl may access/modify an internal structu...
libcurl 7.88.0 < 8.21.0 HTTP/2 Stream-Dependency Tree Use-After-Free
The version of libcurl installed on the remote host is 7.88.0 prior to 8.21.0. It is, therefore, affected by a use-after-free vulnerability: - A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree and subsequently invokes curleasyreset...
CURL-CVE-2026-10536 HTTP/2 stream-dependency tree UAF
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...
HTTP/2 stream-dependency tree UAF
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...
curl: HTTP/3 Stream Dependency Cycle Exploit
Penetration Testing Report: HTTP/3 Stream Dependency Cycle Exploit --- 0x00 Overview A novel exploit leveraging stream dependency cycles in the HTTP/3 protocol stack was discovered, resulting in memory corruption and potential denial-of-service or remote code execution scenarios when used against...