Use-after-free via curl_easy_pause() in CURLMOPT_SOCKETFUNCTION callback
Summary
Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed. A flaw was found in libcurl. When `curl_easy_pause()` is called within the event-based `CURLMOPT_SOCKETFUNCTION` callback, a use-after-free vulnerability is triggered. This occurs because libcurl attempts to store a flag using a pointer to memory that has already been freed. An attacker could potentially exploit this to cause a denial of service or execute arbitrary code. This Important flaw in libcurl stems from a use-after-free vulnerability when `curl_easy_pause()` is called within the `CURLMOPT_SOCKETFUNCTION` callback. This could allow an attacker to achieve denial of service or arbitrary code execution without requiring user interaction or elevated privileges. While dependent on a specific application implementation, the broad adoption of libcurl means Red Hat products leveraging this callback pattern could be affected. Red Hat severity: Important — CVSS 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Weakness: CWE-825. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Mitigation checklist
- Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Official advisory · high-confidence parse· fetched 34 seconds ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.