cve/CVE-2023-27537.md at dd6a10065df501f0a524d47b55e162f16811ba93

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.

POC

Reference

No PoCs from references.

Github

https://github.com/ctflearner/Learn365
https://github.com/fkie-cad/nvd-json-data-feeds

946 B Raw Blame History

CVE-2023-27537

Description

POC

Reference

Github

946 B

Raw Blame History