Allele Security Alert
Use-after-free in handle close
the Curl project
libcurl 7.59.0 up to and including 7.61.1
libcurl >= 7.62.0
Proof of concept
libcurl contains a heap use-after-free flaw in code related to closing an easy handle.
When closing and cleaning up an “easy” handle in the Curl_close() function, the library code first frees a struct (without nulling the pointer) and might then erroneously write to a struct field within that already freed struct.
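The free-without-nulling pattern described above, next to the pointer-clearing pattern, as an added example that is not libcurl code. All `toy_` names and the `in_callback` and `freed` fields are hypothetical, and the release step only marks the object dead so the stale write can be counted without undefined behaviour.

```c
#include <stdlib.h>

/* Hypothetical model: "toy_" names are illustrative, not libcurl symbols. */
struct toy_multi { int in_callback; int freed; };
struct toy_easy  { struct toy_multi *multi_easy; };

/* Stand-in for free(): marks the object dead but keeps the memory alive so
   the stale access below can be observed safely. */
static void toy_release(struct toy_multi *m) { m->freed = 1; }

/* A later cleanup step that writes a field through the easy handle's pointer.
   Returns 1 if the write landed in an already released object. */
static int toy_late_write(struct toy_easy *e)
{
  struct toy_multi *m = e->multi_easy;
  if(!m)
    return 0;               /* pointer was cleared: nothing to write to */
  m->in_callback = 0;       /* the write that follows the free */
  return m->freed;          /* 1 means this would be a heap use-after-free */
}

/* Closes a handle. clear_ptr selects whether the pointer is nulled after
   release. Returns the number of writes to released memory, or -1 on
   allocation failure. */
int toy_close(int clear_ptr)
{
  struct toy_multi *m = calloc(1, sizeof(*m));
  struct toy_easy e;
  int stale;

  if(!m)
    return -1;
  e.multi_easy = m;

  toy_release(e.multi_easy);
  if(clear_ptr)
    e.multi_easy = NULL;    /* clear the pointer as soon as it is released */

  stale = toy_late_write(&e);
  free(m);                  /* the real release, after the check */
  return stale;
}

int main(void)
{
  return (toy_close(0) == 1 && toy_close(1) == 0) ? 0 : 1;
}
```

In a real build the same class of bug is what AddressSanitizer reports as heap-use-after-free at the write.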
Brian Carpenter (Geeknik Labs)
CURL 7.62.0 MOAR STUFF
use-after-free in handle close
TODO fixed: Detect when called from within callbacks
Curl_close: clear data->multi_easy on free to avoid use-after-free
Last modified: February 6, 2019