Double-free vulnerability in SASL authentication
Summary
The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it `free()` the same pointer twice. A flaw was found in curl. The logic handling SASL (Simple Authentication and Security Layer) authentication could lead to a double-free vulnerability. This occurs because the GSASL context may be deallocated twice without clearing the pointer, potentially leading to memory corruption. An attacker could exploit this to cause a denial of service or potentially execute arbitrary code. This Important flaw in curl's SASL authentication logic could lead to a double-free vulnerability, potentially resulting in memory corruption, denial of service, or arbitrary code execution. The impact is significant as curl is a widely used utility in Red Hat environments, and SASL authentication is a common enterprise configuration. Exploitation requires an attacker to interact with a service utilizing the vulnerable SASL authentication within curl. Exploitation of this flaw requires controlling which memory is addressed in the second free call and this is unlikely to be possible. Red Hat severity: Important — CVSS 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-1341. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Mitigation checklist
- Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Official advisory · high-confidence parse· fetched 27 seconds ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.