CVE-2023-27537

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.

CWE	CWE-415
Vendor	n/a
Product	https://github.com/curl/curl
Published	Mar 30, 2023
Last Updated	Aug 2, 2024

Stay Ahead of the Next One

Get instant alerts for n/a https://github.com/curl/curl

Be the first to know when new unknown vulnerabilities affecting n/a https://github.com/curl/curl are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / https://github.com/curl/curl

Fixed in 8.0.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

hackerone.com: https://hackerone.com/reports/1897203 security.netapp.com: https://security.netapp.com/advisory/ntap-20230420-0010/ security.gentoo.org: https://security.gentoo.org/glsa/202310-12