Vulnerabilities > CVE-2021-22945 - Double Free vulnerability in multiple products

047910
CVSS 9.1 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
HIGH

Summary

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

Vulnerable Configurations

Part Description Count
Application
Haxx
5
Application
Netapp
2
Application
Oracle
16
Application
Siemens
5
Application
Splunk
14
OS
Fedoraproject
2
OS
Netapp
8
OS
Apple
5
OS
Debian
1
Hardware
Netapp
8

Common Weakness Enumeration (CWE)