cve/CVE-2018-16840.md at 43553e9af13bbdba84028635c21659dede3160a7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close() function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

POC

Reference

No PoCs from references.

Github

https://github.com/KorayAgaya/TrivyWeb
https://github.com/Mohzeela/external-secret
https://github.com/siddharthraopotukuchi/trivy
https://github.com/simiyo/trivy
https://github.com/t31m0/Vulnerability-Scanner-for-Containers
https://github.com/umahari/security

1.0 KiB Raw Blame History

CVE-2018-16840

Description

POC

Reference

Github

1.0 KiB

Raw Blame History